filter: fix buffer sizes in filter plug-ins

Three of the filter plug-ins define arrays to hold output key values.
The arrays are sized based on the values of enums.  For example:

  enum output_keys {
    KEY_MAC_TYPE,
    KEY_MAC_PROTOCOL,
    KEY_MAC_SADDR,
    START_KEY = KEY_MAC_SADDR,
    KEY_MAC_DADDR,
    KEY_MAC_ADDR,
    MAX_KEY = KEY_MAC_ADDR,
  };

  static char hwmac_str[MAX_KEY - START_KEY][HWADDR_LENGTH];

The arrays are indexed by subtracting `START_KEY` from the enum value of
the key currently being processed: `hwmac_str[okey - START_KEY]`.
However, this means that the last key (`KEY_MAC_ADDR` in this example)
will run off the end of the array.  Increase the size of the arrays.

In the case of `IP2BIN` and `IP2HBIN`, there is no overrun, but only
because they use the wrong upper bound when looping over the keys, and
thus don't assign a value to the last key.  Correct the bound.

Also some small white-space tweaks.

Link: https://bugzilla.netfilter.org/show_bug.cgi?id=890
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/filter/ulogd_filter_HWHDR.c b/filter/ulogd_filter_HWHDR.c
index bbca5e9b92f28c03dfc7d01bef2f9d7344802a6b..a5ee60dea44bf67b271a01d131dec2dc8d716099 100644 (file)
--- a/filter/ulogd_filter_HWHDR.c
+++ b/filter/ulogd_filter_HWHDR.c
@@ -109,7 +109,7 @@ static struct ulogd_key mac2str_keys[] = {
        },
 };
 
-static char hwmac_str[MAX_KEY - START_KEY][HWADDR_LENGTH];
+static char hwmac_str[MAX_KEY - START_KEY + 1][HWADDR_LENGTH];
 
 static int parse_mac2str(struct ulogd_key *ret, unsigned char *mac,
                         int okey, int len)
@@ -126,7 +126,7 @@ static int parse_mac2str(struct ulogd_key *ret, unsigned char *mac,
        buf_cur = hwmac_str[okey - START_KEY];
        for (i = 0; i < len; i++)
                buf_cur += sprintf(buf_cur, "%02x%c", mac[i],
-                               i == len - 1 ? 0 : ':');
+                                  i == len - 1 ? 0 : ':');
 
        okey_set_ptr(&ret[okey], hwmac_str[okey - START_KEY]);
 

diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index 2172d93506d514718e2c43cfbfc2ca61736331d8..42bcd7c15f1b3d6d5b40d4f6ffafc60fe6e2261d 100644 (file)
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -114,7 +114,7 @@ static struct ulogd_key ip2bin_keys[] = {
 
 };
 
-static char ipbin_array[MAX_KEY-START_KEY][IPADDR_LENGTH];
+static char ipbin_array[MAX_KEY - START_KEY + 1][IPADDR_LENGTH];
 
 /**
  * Convert IPv4 address (as 32-bit unsigned integer) to IPv6 address:
@@ -128,7 +128,7 @@ static inline void uint32_to_ipv6(const uint32_t ipv4, struct in6_addr *ipv6)
        ipv6->s6_addr32[3] = ipv4;
 }
 
-static int ip2bin(struct ulogd_key* inp, int index, int oindex)
+static int ip2bin(struct ulogd_key *inp, int index, int oindex)
 {
        char family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
        char convfamily = family;
@@ -184,7 +184,7 @@ static int ip2bin(struct ulogd_key* inp, int index, int oindex)
        addr8 = &addr->s6_addr[0];
        for (i = 0; i < 4; i++) {
                written = sprintf(buffer, "%02x%02x%02x%02x",
-                               addr8[0], addr8[1], addr8[2], addr8[3]);
+                                 addr8[0], addr8[1], addr8[2], addr8[3]);
                if (written != 2 * 4) {
                        buffer[0] = 0;
                        return ULOGD_IRET_ERR;
@@ -205,13 +205,13 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
        int fret;
 
        /* Iter on all addr fields */
-       for(i = START_KEY; i < MAX_KEY; i++) {
+       for(i = START_KEY; i <= MAX_KEY; i++) {
                if (pp_is_valid(inp, i)) {
-                       fret = ip2bin(inp, i, i-START_KEY);
+                       fret = ip2bin(inp, i, i - START_KEY);
                        if (fret != ULOGD_IRET_OK)
                                return fret;
-                       okey_set_ptr(&ret[i-START_KEY],
-                                    ipbin_array[i-START_KEY]);
+                       okey_set_ptr(&ret[i - START_KEY],
+                                    ipbin_array[i - START_KEY]);
                }
        }
 

diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c
index 087e824ae94b72825847865eab4a066166461d54..2711f9c3e12a0426dab31854c34af04343ebaba6 100644 (file)
--- a/filter/ulogd_filter_IP2HBIN.c
+++ b/filter/ulogd_filter_IP2HBIN.c
@@ -153,7 +153,7 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
        }
 
        /* Iter on all addr fields */
-       for(i = START_KEY; i < MAX_KEY; i++) {
+       for(i = START_KEY; i <= MAX_KEY; i++) {
                if (pp_is_valid(inp, i)) {
                        switch (convfamily) {
                        case AF_INET:

diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 66324b0b3b22442597b65e499f796f44a6d651d1..4d0536817b6c567944831d450c68bb335ca6f80e 100644 (file)
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -137,7 +137,7 @@ static struct ulogd_key ip2str_keys[] = {
        },
 };
 
-static char ipstr_array[MAX_KEY-START_KEY][IPADDR_LENGTH];
+static char ipstr_array[MAX_KEY - START_KEY + 1][IPADDR_LENGTH];
 
 static int ip2str(struct ulogd_key *inp, int index, int oindex)
 {
@@ -197,10 +197,10 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
        /* Iter on all addr fields */
        for (i = START_KEY; i <= MAX_KEY; i++) {
                if (pp_is_valid(inp, i)) {
-                       fret = ip2str(inp, i, i-START_KEY);
+                       fret = ip2str(inp, i, i - START_KEY);
                        if (fret != ULOGD_IRET_OK)
                                return fret;
-                       okey_set_ptr(&ret[i-START_KEY],
+                       okey_set_ptr(&ret[i - START_KEY],
                                     ipstr_array[i-START_KEY]);
                }
        }