path: root/src/datatype.c
diff options
authorPablo Neira Ayuso <>2013-11-24 19:49:15 +0100
committerPablo Neira Ayuso <>2013-11-25 00:15:06 +0100
commit99af859adcf8b8d44ac8a2202467f4b7b4987e3f (patch)
tree61f7ae4bb3f382ee140b317893cc4949bb6e39c1 /src/datatype.c
parenta6931ebc4742476ce3098d74e4ece263c65ae142 (diff)
datatype: fix missing nul-terminated string in string_type_print
Thomas Berger reported that he is seeing garbage after valid string values, eg. fwtest01 ~ # nft -i nft> table filter nft> add chain filter input nft> add rule filter input meta iifname "lo" accept nft> list table filter table ip filter { chain input { meta iifname "lo�.�" accept } ... The buffer that is allocated in the stack does not include room to nul-terminate the string accordingly. This patch fixes bugzilla report #872: Reported-by: Thomas Berger <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'src/datatype.c')
1 files changed, 2 insertions, 1 deletions
diff --git a/src/datatype.c b/src/datatype.c
index 4c5a70f2..2e5788dc 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -256,9 +256,10 @@ const struct datatype integer_type = {
static void string_type_print(const struct expr *expr)
unsigned int len = div_round_up(expr->len, BITS_PER_BYTE);
- char data[len];
+ char data[len+1];
mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len);
+ data[len] = '\0';
printf("\"%s\"", data);