author | Stefano Brivio <sbrivio@redhat.com> | 2018-08-31 11:43:39 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-09-03 20:52:40 +0200 |
commit | 4c16de1a51928ee023199195652ed90ce0fd5950 (patch) | |
tree | 644a55ada81ee74791480e93c979ce86a001b811 /lib/session.c | |
parent | 924284e6cd7fba5c4c618897605127c4016d50e3 (diff) |
Validate string type attributes in attr2data()
Otherwise, we are missing checks in some paths, e.g. we might
overrun the buffer used to save the set name in callback_list()
when we strcpy() to it.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'lib/session.c')
-rw-r--r-- | lib/session.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/session.c b/lib/session.c index ca96aaa..16b5549 100644 --- a/lib/session.c +++ b/lib/session.c @@ -678,6 +678,10 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], default: break; } + } else if (attr->type == MNL_TYPE_NUL_STRING) { + if (!d || strlen(d) >= attr->len) + FAILURE("Broken kernel message: " + "string type attribute missing or too long!"); } #ifdef IPSET_DEBUG else |
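Review bot: In the new `MNL_TYPE_NUL_STRING` branch, `strlen(d) >= attr->len` runs an unbounded `strlen()` over data that the error message itself treats as a possibly broken kernel message, so if the payload has no NUL terminator the length check can read past the end of the attribute before it gets a chance to reject it. Unless an earlier step in attr2data() already guarantees termination (not visible in this hunk), consider a bounded scan such as `strnlen(d, attr->len) >= attr->len`, or better, a bound taken from the attribute's actual payload length, which rejects the same inputs without depending on a terminator being present. Two smaller points: the single message "string type attribute missing or too long!" covers both the `!d` and the over-length case, and splitting it would make a failure easier to diagnose; and a short comment stating that `attr->len` is the destination size including the terminating NUL would make clear why the comparison is `>=` rather than `>`, since the commit message says this check is what protects the later strcpy() in callback_list().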