libxt_ipvs: Avoid potential buffer overrun
authorPhil Sutter <phil@nwl.cc>
Wed, 19 Sep 2018 13:16:51 +0000 (15:16 +0200)
committerFlorian Westphal <fw@strlen.de>
Mon, 24 Sep 2018 09:24:02 +0000 (11:24 +0200)
Just like with libxt_conntrack, get rid of the temporary buffer. The
comment even states that it was copied from there, so just make them
identical again.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
extensions/libxt_ipvs.c

index 46727660a027a04d9b4a500a6565d969a10f00aa..a6c57a030d2c643b8898eaa58adea238d599ca26 100644 (file)
@@ -126,19 +126,19 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
                              const union nf_inet_addr *mask,
                              unsigned int family, bool numeric)
 {
-       char buf[BUFSIZ];
-
        if (family == NFPROTO_IPV4) {
                if (!numeric && addr->ip == 0) {
                        printf(" anywhere");
                        return;
                }
                if (numeric)
-                       strcpy(buf, xtables_ipaddr_to_numeric(&addr->in));
+                       printf(" %s%s",
+                              xtables_ipaddr_to_numeric(&addr->in),
+                              xtables_ipmask_to_numeric(&mask->in));
                else
-                       strcpy(buf, xtables_ipaddr_to_anyname(&addr->in));
-               strcat(buf, xtables_ipmask_to_numeric(&mask->in));
-               printf(" %s", buf);
+                       printf(" %s%s",
+                              xtables_ipaddr_to_anyname(&addr->in),
+                              xtables_ipmask_to_numeric(&mask->in));
        } else if (family == NFPROTO_IPV6) {
                if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
                    addr->ip6[2] == 0 && addr->ip6[3] == 0) {
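Review bot: Both new `printf(" %s%s", ...)` calls in the IPv4 branch evaluate the address helper and the mask helper in one argument list, where C leaves the evaluation order unspecified; the removed code copied the address string into `buf` before it called `xtables_ipmask_to_numeric()`. The helpers are defined outside this hunk, so this is to be confirmed in libxtables: if they return pointers to static storage and the mask helper reuses the address helper for some masks, the address string can be overwritten before it is printed, and the rule listing would show a wrong address. Printing in two steps still avoids the temporary buffer and removes that dependency: `printf(" %s", xtables_ipaddr_to_numeric(&addr->in));` followed by `printf("%s", xtables_ipmask_to_numeric(&mask->in));`. The same applies to the two IPv6 calls in the next hunk; the body of ipvs_mt_dump_addr continues past this hunk.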
@@ -146,11 +146,13 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
                        return;
                }
                if (numeric)
-                       strcpy(buf, xtables_ip6addr_to_numeric(&addr->in6));
+                       printf(" %s%s",
+                              xtables_ip6addr_to_numeric(&addr->in6),
+                              xtables_ip6mask_to_numeric(&mask->in6));
                else
-                       strcpy(buf, xtables_ip6addr_to_anyname(&addr->in6));
-               strcat(buf, xtables_ip6mask_to_numeric(&mask->in6));
-               printf(" %s", buf);
+                       printf(" %s%s",
+                              xtables_ip6addr_to_anyname(&addr->in6),
+                              xtables_ip6mask_to_numeric(&mask->in6));
        }
 }