diff options
author | Phil Sutter <phil@nwl.cc> | 2018-09-19 15:16:51 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-24 11:24:02 +0200 |
commit | 749d3c2ecd6a9dc21f5a442c44495cb705621dff (patch) | |
tree | 6d1198c5a2d5ac1020ef324313af98da18fb5718 | |
parent | 8e798e050367dfe43bb958f11dd3170b03bda49e (diff) |
libxt_ipvs: Avoid potential buffer overrun
Just like with libxt_conntrack, get rid of the temporary buffer. The
comment even states that it was copied from there, so just make them
identical again.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | extensions/libxt_ipvs.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c index 46727660..a6c57a03 100644 --- a/extensions/libxt_ipvs.c +++ b/extensions/libxt_ipvs.c @@ -126,19 +126,19 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr, const union nf_inet_addr *mask, unsigned int family, bool numeric) { - char buf[BUFSIZ]; - if (family == NFPROTO_IPV4) { if (!numeric && addr->ip == 0) { printf(" anywhere"); return; } if (numeric) - strcpy(buf, xtables_ipaddr_to_numeric(&addr->in)); + printf(" %s%s", + xtables_ipaddr_to_numeric(&addr->in), + xtables_ipmask_to_numeric(&mask->in)); else - strcpy(buf, xtables_ipaddr_to_anyname(&addr->in)); - strcat(buf, xtables_ipmask_to_numeric(&mask->in)); - printf(" %s", buf); + printf(" %s%s", + xtables_ipaddr_to_anyname(&addr->in), + xtables_ipmask_to_numeric(&mask->in)); } else if (family == NFPROTO_IPV6) { if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 && addr->ip6[2] == 0 && addr->ip6[3] == 0) { @@ -146,11 +146,13 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr, return; } if (numeric) - strcpy(buf, xtables_ip6addr_to_numeric(&addr->in6)); + printf(" %s%s", + xtables_ip6addr_to_numeric(&addr->in6), + xtables_ip6mask_to_numeric(&mask->in6)); else - strcpy(buf, xtables_ip6addr_to_anyname(&addr->in6)); - strcat(buf, xtables_ip6mask_to_numeric(&mask->in6)); - printf(" %s", buf); + printf(" %s%s", + xtables_ip6addr_to_anyname(&addr->in6), + xtables_ip6mask_to_numeric(&mask->in6)); } } |