diff options
author | Phil Sutter <phil@nwl.cc> | 2018-09-19 15:16:50 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-24 11:24:01 +0200 |
commit | 8e798e050367dfe43bb958f11dd3170b03bda49e (patch) | |
tree | 086338c12fb46e635268a897a4ed477c30f31922 | |
parent | 74eb2395c838460384286c2b95f711ae275a46cb (diff) |
libxt_conntrack: Avoid potential buffer overrun
In print_addr(), a resolved hostname is written into a buffer without
size check. Since BUFSIZ is typically 8192 bytes, this shouldn't be an
issue, though covscan complained about it. Fix the code by using
conntrack_dump_addr() as an example.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | extensions/libxt_conntrack.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index f1bc8f45..daa8c15a 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -673,20 +673,20 @@ static void print_addr(const struct in_addr *addr, const struct in_addr *mask, int inv, int numeric) { - char buf[BUFSIZ]; - if (inv) printf(" !"); if (mask->s_addr == 0L && !numeric) - printf(" %s", "anywhere"); + printf(" anywhere"); else { if (numeric) - strcpy(buf, xtables_ipaddr_to_numeric(addr)); + printf(" %s%s", + xtables_ipaddr_to_numeric(addr), + xtables_ipmask_to_numeric(mask)); else - strcpy(buf, xtables_ipaddr_to_anyname(addr)); - strcat(buf, xtables_ipmask_to_numeric(mask)); - printf(" %s", buf); + printf(" %s%s", + xtables_ipaddr_to_anyname(addr), + xtables_ipmask_to_numeric(mask)); } } |