libxt_LED: Avoid string overrun while parsing led-trigger-id

Instead of using strcat() and assuming the name will fit, print into the
buffer using snprintf() which truncates the string as needed.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/extensions/libxt_LED.c b/extensions/libxt_LED.c
index 8622c379e68bcbe49f14b2c2b1e0f44518a7827e..6ada795056431f4bf0e5f7fc8967c2c6b6b6ccc8 100644 (file)
--- a/extensions/libxt_LED.c
+++ b/extensions/libxt_LED.c
@@ -53,8 +53,7 @@ static void LED_parse(struct xt_option_call *cb)
        xtables_option_parse(cb);
        switch (cb->entry->id) {
        case O_LED_TRIGGER_ID:
-               strcpy(led->id, "netfilter-");
-               strcat(led->id, cb->arg);
+               snprintf(led->id, sizeof(led->id), "netfilter-%s", cb->arg);
                break;
        case O_LED_DELAY:
                if (strncasecmp(cb->arg, "inf", 3) == 0)