main: fix get_optstring truncating output

Without this patch, get_optstring returns optstring = +hvVcf:insNSI:d:aejuy.
After this patch, get_optstring returns optstring = +hvVcf:insNSI:d:aejuypTt

This is due to optstring containing up to two chars per option, thus it was too
short.

Fixes: 906facf31d1d ("main: fix ASAN -fsanitize=address error in get_optstring()")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/main.c b/src/main.c
index d213c6011bea7107ff9881e8bbf851fe83fdff49..d830c7a2cc1bc2b33c4597ea1b81df2dd6ada151 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -118,7 +118,7 @@ static const struct nft_opt nft_options[] = {
 
 static const char *get_optstring(void)
 {
-       static char optstring[NR_NFT_OPTIONS + 2];
+       static char optstring[2 * NR_NFT_OPTIONS + 2];
 
        if (!optstring[0]) {
                size_t i, j;
@@ -128,6 +128,8 @@ static const char *get_optstring(void)
                        j += snprintf(optstring + j, sizeof(optstring) - j, "%c%s",
                                      nft_options[i].val,
                                      nft_options[i].arg ? ":" : "");
+
+               assert(j < sizeof(optstring));
        }
        return optstring;
 }