fix: eight separate calls to strcpy(ifr in ifenslave.c

[orbisai0security]

Summary

Fix critical severity security issue in package/network/ifenslave/ifenslave.c.

Vulnerability

Field	Value
ID	V-001
Severity	CRITICAL
Scanner	multi_agent_ai
Rule	V-001
File	package/network/ifenslave/ifenslave.c:525

Description: Eight separate calls to strcpy(ifr.ifr_name, ifname) copy a user-supplied network interface name into the fixed-size ifr_name field of struct ifreq (IFNAMSIZ = 16 bytes) without any length validation. An interface name longer than 15 characters will overflow the buffer and corrupt adjacent stack memory, potentially overwriting return addresses or function pointers. This vulnerability is confirmed with high confidence based on direct code evidence.

Changes

• package/network/ifenslave/ifenslave.c

Verification

• Build passes
• Scanner re-scan confirms fix
• LLM code review passed

---

Automated security fix by OrbisAI Security

[rxrbln]

I appreciate your enthusiasm and will to help. But this is an old thirty party file barely anyone ever used. All pkg security things should mostly be done upstream. For this specific, exotic and rarely used thing there is unfortunately not realy an upstream anymore. I noticed thru repology version work months ago Debian has something newer: https://repology.org/project/ifenslave/versions the best is to start with updating to this first.

[orbisai0security]

Okay, I will start with exploring the newer ifenslave version and close this PR out.

[rxrbln]

Can you please stop this random issue an pr spam? Opening and closing at random. The pr or issue should have course stay open until resolved! Thanks.