xtables-translate: Guard strcpy() call in xlate_ifname()
authorPhil Sutter <phil@nwl.cc>
Thu, 5 Dec 2019 15:01:29 +0000 (16:01 +0100)
committerPhil Sutter <phil@nwl.cc>
Fri, 6 Dec 2019 11:12:08 +0000 (12:12 +0100)
The function potentially fed overlong strings to strcpy(). Given that
everything needed to avoid this is there, reorder code a bit to prevent
those inputs, too.

Fixes: 0ddd663e9c167 ("iptables-translate: add in/out ifname wildcard match translation to nft")
iptables/xtables-translate.c

index a42c60a3b64c6309293a6f024f07860219b40536..77a186b905d73686f530891d4c406cad0608c8ea 100644 (file)
 void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname,
                  bool invert)
 {
+       int ifaclen = strlen(ifname);
        char iface[IFNAMSIZ];
-       int ifaclen;
 
-       if (ifname[0] == '\0')
+       if (ifaclen < 1 || ifaclen >= IFNAMSIZ)
                return;
 
        strcpy(iface, ifname);
-       ifaclen = strlen(iface);
        if (iface[ifaclen - 1] == '+')
                iface[ifaclen - 1] = '*';
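Review bot: The new guard `if (ifaclen < 1 || ifaclen >= IFNAMSIZ) return;` treats an overlong `ifname` exactly like an empty one, so the function returns without emitting anything and the translated rule would presumably carry no interface match, applying more broadly than the original. Because `xlate_ifname()` returns void, the caller cannot detect this. If overlong names can actually reach this point (the callers are outside the hunk), consider reporting the failure instead of dropping the match, or at least record the choice with a comment such as `/* names that do not fit in IFNAMSIZ are skipped, not truncated */`. Separately, with the length already known, `memcpy(iface, ifname, ifaclen + 1);` would make the bound explicit at the copy site, and declaring `size_t ifaclen` would avoid narrowing the `strlen()` result to `int`. The function body continues past the end of the hunk.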