From 393854b12be53f686074e55aac598ca0ba13e48f Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Tue, 6 May 2014 19:19:46 +0200 Subject: data_reg: fix bad buffer size bounds These calls need to use the new buffer size, instead of the size that the buffer originally had. Bugs introduced by myself at dec68741 [data_reg: fix verdict format approach]. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/expr/data_reg.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index 0523cb7..44281f7 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -304,7 +304,7 @@ nft_data_reg_verdict_snprintf_def(char *buf, size_t size, SNPRINTF_BUFFER_SIZE(ret, size, len, offset); if (reg->chain != NULL) { - ret = snprintf(buf+offset, size, "-> %s ", reg->chain); + ret = snprintf(buf+offset, len, "-> %s ", reg->chain); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } @@ -322,12 +322,12 @@ nft_data_reg_verdict_snprintf_xml(char *buf, size_t size, SNPRINTF_BUFFER_SIZE(ret, size, len, offset); if (reg->chain != NULL) { - ret = snprintf(buf+offset, size, "%s", + ret = snprintf(buf+offset, len, "%s", reg->chain); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - ret = snprintf(buf+offset, size, ""); + ret = snprintf(buf+offset, len, ""); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); return offset; @@ -344,12 +344,12 @@ nft_data_reg_verdict_snprintf_json(char *buf, size_t size, SNPRINTF_BUFFER_SIZE(ret, size, len, offset); if (reg->chain != NULL) { - ret = snprintf(buf+offset, size, ",\"chain\":\"%s\"", + ret = snprintf(buf+offset, len, ",\"chain\":\"%s\"", reg->chain); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - ret = snprintf(buf+offset, size, "}"); + ret = snprintf(buf+offset, len, "}"); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); return offset; -- cgit v1.2.3