From: Giuseppe Longo Date: Sat, 12 Oct 2013 09:21:52 +0000 (+0200) Subject: nft: arp: fix possible string overflow X-Git-Tag: v1.6.0~111^2~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0cfd537e8020812ef02ce0e27b8b22a94d3820c3;p=thirdparty%2Fiptables.git nft: arp: fix possible string overflow This patch replaces strcat with strncat and strcpy with strncpy fixing possible string overflow. Based on the original patch: http://patchwork.ozlabs.org/patch/279672/ from Jaromír Končický via Jiri Popelka. Signed-off-by: Giuseppe Longo Signed-off-by: Pablo Neira Ayuso --- diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 08f88145..17101369 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -459,7 +459,8 @@ nft_arp_print_firewall(struct nft_rule *r, unsigned int num, sprintf(buf, "%s", addr_to_dotted(&(fw.arp.src))); else sprintf(buf, "%s", addr_to_anyname(&(fw.arp.src))); - strcat(buf, mask_to_dotted(&(fw.arp.smsk))); + strncat(buf, mask_to_dotted(&(fw.arp.smsk)), + sizeof(buf) - strlen(buf) - 1); printf("-s %s ", buf); } @@ -483,7 +484,8 @@ after_devsrc: sprintf(buf, "%s", addr_to_dotted(&(fw.arp.tgt))); else sprintf(buf, "%s", addr_to_anyname(&(fw.arp.tgt))); - strcat(buf, mask_to_dotted(&(fw.arp.tmsk))); + strncat(buf, mask_to_dotted(&(fw.arp.tmsk)), + sizeof(buf) - strlen(buf) - 1); printf("-d %s ", buf); } diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c index 411a6998..18f285c6 100644 --- a/iptables/xtables-arp.c +++ b/iptables/xtables-arp.c @@ -847,7 +847,8 @@ static struct xtables_target *command_jump(struct arpt_entry *fw, target->t = xtables_calloc(1, size); target->t->u.target_size = size; - strcpy(target->t->u.user.name, jumpto); + strncpy(target->t->u.user.name, jumpto, sizeof(target->t->u.user.name)); + target->t->u.user.name[sizeof(target->t->u.user.name)-1] = '\0'; target->t->u.user.revision = target->revision; xs_init_target(target);