]> git.ipfire.org Git - thirdparty/ipset.git/commit
projects / thirdparty / ipset.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f1bcacf) | patch
lib: ipset: Avoid 'argv' array overstepping
authorPhil Sutter <phil@nwl.cc>
Thu, 27 Jun 2024 08:18:17 +0000 (10:18 +0200)
committerJozsef Kadlecsik <kadlec@netfilter.org>
Thu, 27 Jun 2024 13:54:27 +0000 (15:54 +0200)
commit851cb04ffee5040f1e0063f77c3fe9bc6245e0fb
treeef63594ff7a174e9029ff0aae67d207ed32776cbtree
parentf1bcacf5eeb8620ea684524e1ce9c3951a77f1f9commit | diff
lib: ipset: Avoid 'argv' array overstepping

The maximum accepted value for 'argc' is MAX_ARGS which matches 'argv'
array size. The maximum allowed array index is therefore argc-1.

This fix will leave items in argv non-NULL-terminated, so explicitly
NULL the formerly last entry after shifting.

Looks like a day-1 bug. Interestingly, this neither triggered ASAN nor
valgrind. Yet adding debug output printing argv entries being copied
did.

Fixes: 1e6e8bd9a62aa ("Third stage to ipset-5")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
lib/ipset.c diff | blob | blame | history
Mirror of git://git.netfilter.org/ipset