]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
projects / thirdparty / iptables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 28dcf16)
nft: arp: fix possible string overflow
authorGiuseppe Longo <giuseppelng@gmail.com>
Sat, 12 Oct 2013 09:21:52 +0000 (11:21 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 30 Dec 2013 22:50:52 +0000 (23:50 +0100)
This patch replaces strcat with strncat and strcpy with strncpy
fixing possible string overflow.

Based on the original patch:

http://patchwork.ozlabs.org/patch/279672/

from Jaromír Končický via Jiri Popelka.

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
iptables/nft-arp.c patch | blob | blame | history
iptables/xtables-arp.c patch | blob | blame | history

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 08f8814554ed887805e5f6c6e97286ed7a71e23a..17101369f782ad44426a6c74c1265fcde17ab3cc 100644 (file)
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -459,7 +459,8 @@ nft_arp_print_firewall(struct nft_rule *r, unsigned int num,
                        sprintf(buf, "%s", addr_to_dotted(&(fw.arp.src)));
                else
                        sprintf(buf, "%s", addr_to_anyname(&(fw.arp.src)));
-               strcat(buf, mask_to_dotted(&(fw.arp.smsk)));
+               strncat(buf, mask_to_dotted(&(fw.arp.smsk)),
+                       sizeof(buf) - strlen(buf) - 1);
                printf("-s %s ", buf);
        }
 
@@ -483,7 +484,8 @@ after_devsrc:
                        sprintf(buf, "%s", addr_to_dotted(&(fw.arp.tgt)));
                else
                        sprintf(buf, "%s", addr_to_anyname(&(fw.arp.tgt)));
-               strcat(buf, mask_to_dotted(&(fw.arp.tmsk)));
+               strncat(buf, mask_to_dotted(&(fw.arp.tmsk)),
+                       sizeof(buf) - strlen(buf) - 1);
                printf("-d %s ", buf);
        }
 
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 411a6998640026bfef81ec07719d2d18fce4ec53..18f285c602d2de98e23cc92d1e8068c7f06e3191 100644 (file)
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -847,7 +847,8 @@ static struct xtables_target *command_jump(struct arpt_entry *fw,
 
        target->t = xtables_calloc(1, size);
        target->t->u.target_size = size;
-       strcpy(target->t->u.user.name, jumpto);
+       strncpy(target->t->u.user.name, jumpto, sizeof(target->t->u.user.name));
+       target->t->u.user.name[sizeof(target->t->u.user.name)-1] = '\0';
        target->t->u.user.revision = target->revision;
 
        xs_init_target(target);
Mirror of git://git.netfilter.org/iptables