libxt_string: fix undefined behavior/incorrect patlen calculation

strlen ran over the end of the string. Use strnlen to bound it.

Reference: http://bugs.debian.org/513516
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index 6bd27c0b4dd19f97f3c70b66b67b2ec40e05d179..aa52fa8d3196d46145403ccaf8f7b21cc95eb244 100644 (file)
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -20,6 +20,7 @@
  *             updated to work with slightly modified
  *             ipt_string_info.
  */
+#define _GNU_SOURCE 1
 #include <stdio.h>
 #include <netdb.h>
 #include <string.h>
@@ -207,7 +208,8 @@ string_parse(int c, char **argv, int invert, unsigned int *flags,
                        else
                                stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
                }
-               stringinfo->patlen=strlen((char *)&stringinfo->pattern);
+               stringinfo->patlen = strnlen((char *)&stringinfo->pattern,
+                       sizeof(stringinfo->patlen));
                *flags |= STRING;
                break;