extensions: format-security fixes in libip[6]t_icmp

commit 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
introduced support for gcc feature to check format string against passed
argument.  This commit adds missing bits to extenstions's libipt_icmp.c
and libip6t_icmp6.c that were causing build to fail.

Fixes: 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
Signed-off-by: Adam Gołębiowski <adamg@pld-linux.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index 45a71875722c47d24f13f485604453fa8a242696..cc7bfaeb72fd7a355acfcfa311cecf855211e3ec 100644 (file)
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
        type_name = icmp6_type_xlate(icmptype);
 
        if (type_name) {
-               xt_xlate_add(xl, type_name);
+               xt_xlate_add(xl, "%s", type_name);
        } else {
                for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
                        if (icmpv6_codes[i].type == icmptype &&
@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
                                break;
 
                if (i != ARRAY_SIZE(icmpv6_codes))
-                       xt_xlate_add(xl, icmpv6_codes[i].name);
+                       xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
                else
                        return 0;
        }

diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index 5418997668d4cc8597e8b0b6cc980cb952a4b40a..e76257c54708c4cff5253f80ff688152c444df48 100644 (file)
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
                        if (icmp_codes[i].type == icmptype &&
                            icmp_codes[i].code_min == code_min &&
                            icmp_codes[i].code_max == code_max) {
-                               xt_xlate_add(xl, icmp_codes[i].name);
+                               xt_xlate_add(xl, "%s", icmp_codes[i].name);
                                return 1;
                        }
        }