output: SQLITE3: fix possible buffer overruns

There is a an off-by-one error in the size of some of the buffers used
to hold key-names.  The maximum length of a name is `ULOGD_MAX_KEYLEN`,
and so declare the buffers with size `ULOGD_MAX_KEYLEN + 1`.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/output/sqlite3/ulogd_output_SQLITE3.c b/output/sqlite3/ulogd_output_SQLITE3.c
index 20ceb3b5d6e2e54b620e3f905170510205995883..554b1b34488c0290f737c012be3c153c75fe8a88 100644 (file)
--- a/output/sqlite3/ulogd_output_SQLITE3.c
+++ b/output/sqlite3/ulogd_output_SQLITE3.c
@@ -48,7 +48,7 @@
 
 struct field {
        TAILQ_ENTRY(field) link;
-       char name[ULOGD_MAX_KEYLEN];
+       char name[ULOGD_MAX_KEYLEN + 1];
        struct ulogd_key *key;
 };
 
@@ -214,7 +214,7 @@ sqlite3_createstmt(struct ulogd_pluginstance *pi)
 {
        struct sqlite3_priv *priv = (void *)pi->private;
        struct field *f;
-       char buf[ULOGD_MAX_KEYLEN];
+       char buf[ULOGD_MAX_KEYLEN + 1];
        char *underscore;
        char *stmt_pos;
        int i, cols = 0;
@@ -305,7 +305,7 @@ static int
 sqlite3_init_db(struct ulogd_pluginstance *pi)
 {
        struct sqlite3_priv *priv = (void *)pi->private;
-       char buf[ULOGD_MAX_KEYLEN];
+       char buf[ULOGD_MAX_KEYLEN + 1];
        char *underscore;
        struct field *f;
        sqlite3_stmt *schema_stmt;