Commit 009a0c276d3 for php.net

commit 009a0c276d32b214166d72dc73634b8623c580f1
Author: Ilia Alshanetsky <ilia@ilia.ws>
Date:   Sat Jun 20 21:09:19 2026 -0400

    ext/sockets: bound interface name copy in from_zval_write_ifindex()

    The SIOCGIFINDEX fallback checked ZSTR_LEN against sizeof(ifr.ifr_name)
    but did not return on overflow, then memcpy'd ZSTR_LEN+1 bytes into the
    fixed ifr_name buffer, so an over-long interface name overran the stack.
    This regressed in 3e9b530d625, which replaced the original bounded
    strlcpy with an unguarded memcpy. Restore the strlcpy plus else-if guard,
    matching PHP-8.4.

    Closes GH-22379

diff --git a/ext/sockets/conversions.c b/ext/sockets/conversions.c
index d6f208d6986..61a76fb4893 100644
--- a/ext/sockets/conversions.c
+++ b/ext/sockets/conversions.c
@@ -1270,11 +1270,10 @@ static void from_zval_write_ifindex(const zval *zv, char *uinteger, ser_context
 #elif defined(SIOCGIFINDEX)
 		{
 			struct ifreq ifr;
-			if (ZSTR_LEN(str) >= sizeof(ifr.ifr_name)) {
+			if (strlcpy(ifr.ifr_name, ZSTR_VAL(str), sizeof(ifr.ifr_name))
+					>= sizeof(ifr.ifr_name)) {
 				do_from_zval_err(ctx, "the interface name \"%s\" is too large ", ZSTR_VAL(str));
-			}
-			memcpy(ifr.ifr_name, ZSTR_VAL(str), ZSTR_LEN(str) + 1);
-			if (ioctl(ctx->sock->bsd_socket, SIOCGIFINDEX, &ifr) < 0) {
+			} else if (ioctl(ctx->sock->bsd_socket, SIOCGIFINDEX, &ifr) < 0) {
 				if (errno == ENODEV) {
 					do_from_zval_err(ctx, "no interface with name \"%s\" could be "
 							"found", ZSTR_VAL(str));