main: fix ASAN -fsanitize=address error in get_optstring()

nft list table bridge t
=================================================================
==28552==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5579c662e816 at pc 0x7fc2803246aa bp 0x7fff495c86f0 sp 0x7fff495c7ea0
WRITE of size 2 at 0x5579c662e816 thread T0
    #0 0x7fc2803246a9 in vsprintf (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x546a9)
    #1 0x7fc2803249f6 in __interceptor_sprintf (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x549f6)
    #2 0x5579c661e7d2 in get_optstring nftables/src/main.c:128
    #3 0x5579c66202af in main nftables/src/main.c:315
    #4 0x7fc27ea7b09a in __libc_start_main ../csu/libc-start.c:308
    #5 0x5579c661e439 in _start (nftables/src/.libs/nft+0x9439)

0x5579c662e816 is located 0 bytes to the right of global variable 'optstring' defined in 'main.c:121:14' (0x5579c662e800) of size 22
0x5579c662e816 is located 42 bytes to the left of global variable 'options' defined in 'main.c:137:23' (0x5579c662e840) of size 672
SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x546a9) in vsprintf
Shadow bytes around the buggy address:
  0x0aafb8cbdcb0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0aafb8cbdcc0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0aafb8cbdcd0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0aafb8cbdce0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aafb8cbdcf0: 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9
=>0x0aafb8cbdd00: 00 00[06]f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0aafb8cbdd10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aafb8cbdd20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aafb8cbdd30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aafb8cbdd40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aafb8cbdd50: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28552==ABORTING

Fixes: 719e44277f8e ("main: use one data-structure to initialize getopt_long(3) arguments and help.")
Signed-of-by: Michael Braun <michael-dev@fami-braun.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/main.c b/src/main.c
index 3dc6b62c01858ec0d05bbc12029ff75637fa1dd6..d213c6011bea7107ff9881e8bbf851fe83fdff49 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -124,10 +124,10 @@ static const char *get_optstring(void)
                size_t i, j;
 
                optstring[0] = '+';
-               for (i = 0, j = 1; i < NR_NFT_OPTIONS; i++)
-                       j += sprintf(optstring + j, "%c%s",
-                                    nft_options[i].val,
-                                    nft_options[i].arg ? ":" : "");
+               for (i = 0, j = 1; i < NR_NFT_OPTIONS && j < sizeof(optstring); i++)
+                       j += snprintf(optstring + j, sizeof(optstring) - j, "%c%s",
+                                     nft_options[i].val,
+                                     nft_options[i].arg ? ":" : "");
        }
        return optstring;
 }