evaluate: validate maximum log statement prefix length

Otherwise too long string overruns the log prefix buffer. Fixes: e76bb3794018 ("src: allow for variables in the log prefix string") Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1714 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2023-10-17 15:50:21 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2023-10-17 15:54:23 +0200
commit: 6ceec21204e0260af2d50e9e987d0fe3c79c28d4 (patch)
tree: 382438d67fa049d86aafd0729e7d3090918668ea /src/evaluate.c
parent: bfb22bbf0f03a3f3ce0ab71d4a2dce7516bc23a0 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index b7ae9113..2196e928 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4175,8 +4175,13 @@ static int stmt_evaluate_log_prefix(struct eval_ctx *ctx, struct stmt *stmt)
 	size_t offset = 0;
 	struct expr *expr;
 
-	if (stmt->log.prefix->etype != EXPR_LIST)
+	if (stmt->log.prefix->etype != EXPR_LIST) {
+		if (stmt->log.prefix &&
+		    div_round_up(stmt->log.prefix->len, BITS_PER_BYTE) >= NF_LOG_PREFIXLEN)
+			return expr_error(ctx->msgs, stmt->log.prefix, "log prefix is too long");
+
 		return 0;
+	}
 
 	prefix[0] = '\0';
author	Pablo Neira Ayuso <pablo@netfilter.org>	2023-10-17 15:50:21 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2023-10-17 15:54:23 +0200
commit	6ceec21204e0260af2d50e9e987d0fe3c79c28d4 (patch)
tree	382438d67fa049d86aafd0729e7d3090918668ea /src/evaluate.c
parent	bfb22bbf0f03a3f3ce0ab71d4a2dce7516bc23a0 (diff)