diff options
| author | Jeremy Sowden <jeremy@azazel.net> | 2022-12-03 19:02:10 +0000 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-12-08 21:48:51 +0100 |
| commit | 49f6def6fcbaf01f395fbe00543a9ab2c4bb106e (patch) | |
| tree | a277e81f7eccb44372af276556a103f09d3d7691 | |
| parent | 28e6eacfa96f729fce69f003ae16b96ad8503404 (diff) | |
filter: fix buffer sizes in filter plug-ins
Three of the filter plug-ins define arrays to hold output key values.
The arrays are sized based on the values of enums. For example:
enum output_keys {
KEY_MAC_TYPE,
KEY_MAC_PROTOCOL,
KEY_MAC_SADDR,
START_KEY = KEY_MAC_SADDR,
KEY_MAC_DADDR,
KEY_MAC_ADDR,
MAX_KEY = KEY_MAC_ADDR,
};
static char hwmac_str[MAX_KEY - START_KEY][HWADDR_LENGTH];
The arrays are indexed by subtracting `START_KEY` from the enum value of
the key currently being processed: `hwmac_str[okey - START_KEY]`.
However, this means that the last key (`KEY_MAC_ADDR` in this example)
will run off the end of the array. Increase the size of the arrays.
In the case of `IP2BIN` and `IP2HBIN`, there is no overrun, but only
because they use the wrong upper bound when looping over the keys, and
thus don't assign a value to the last key. Correct the bound.
Also some small white-space tweaks.
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=890
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | filter/ulogd_filter_HWHDR.c | 4 | ||||
| -rw-r--r-- | filter/ulogd_filter_IP2BIN.c | 14 | ||||
| -rw-r--r-- | filter/ulogd_filter_IP2HBIN.c | 2 | ||||
| -rw-r--r-- | filter/ulogd_filter_IP2STR.c | 6 |
4 files changed, 13 insertions, 13 deletions
diff --git a/filter/ulogd_filter_HWHDR.c b/filter/ulogd_filter_HWHDR.c index bbca5e9..a5ee60d 100644 --- a/filter/ulogd_filter_HWHDR.c +++ b/filter/ulogd_filter_HWHDR.c @@ -109,7 +109,7 @@ static struct ulogd_key mac2str_keys[] = { }, }; -static char hwmac_str[MAX_KEY - START_KEY][HWADDR_LENGTH]; +static char hwmac_str[MAX_KEY - START_KEY + 1][HWADDR_LENGTH]; static int parse_mac2str(struct ulogd_key *ret, unsigned char *mac, int okey, int len) @@ -126,7 +126,7 @@ static int parse_mac2str(struct ulogd_key *ret, unsigned char *mac, buf_cur = hwmac_str[okey - START_KEY]; for (i = 0; i < len; i++) buf_cur += sprintf(buf_cur, "%02x%c", mac[i], - i == len - 1 ? 0 : ':'); + i == len - 1 ? 0 : ':'); okey_set_ptr(&ret[okey], hwmac_str[okey - START_KEY]); diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c index 2172d93..42bcd7c 100644 --- a/filter/ulogd_filter_IP2BIN.c +++ b/filter/ulogd_filter_IP2BIN.c @@ -114,7 +114,7 @@ static struct ulogd_key ip2bin_keys[] = { }; -static char ipbin_array[MAX_KEY-START_KEY][IPADDR_LENGTH]; +static char ipbin_array[MAX_KEY - START_KEY + 1][IPADDR_LENGTH]; /** * Convert IPv4 address (as 32-bit unsigned integer) to IPv6 address: @@ -128,7 +128,7 @@ static inline void uint32_to_ipv6(const uint32_t ipv4, struct in6_addr *ipv6) ipv6->s6_addr32[3] = ipv4; } -static int ip2bin(struct ulogd_key* inp, int index, int oindex) +static int ip2bin(struct ulogd_key *inp, int index, int oindex) { char family = ikey_get_u8(&inp[KEY_OOB_FAMILY]); char convfamily = family; @@ -184,7 +184,7 @@ static int ip2bin(struct ulogd_key* inp, int index, int oindex) addr8 = &addr->s6_addr[0]; for (i = 0; i < 4; i++) { written = sprintf(buffer, "%02x%02x%02x%02x", - addr8[0], addr8[1], addr8[2], addr8[3]); + addr8[0], addr8[1], addr8[2], addr8[3]); if (written != 2 * 4) { buffer[0] = 0; return ULOGD_IRET_ERR; @@ -205,13 +205,13 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi) int fret; /* Iter on all addr fields */ - for(i = START_KEY; i < MAX_KEY; i++) { + for(i = START_KEY; i <= MAX_KEY; i++) { if (pp_is_valid(inp, i)) { - fret = ip2bin(inp, i, i-START_KEY); + fret = ip2bin(inp, i, i - START_KEY); if (fret != ULOGD_IRET_OK) return fret; - okey_set_ptr(&ret[i-START_KEY], - ipbin_array[i-START_KEY]); + okey_set_ptr(&ret[i - START_KEY], + ipbin_array[i - START_KEY]); } } diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c index 087e824..2711f9c 100644 --- a/filter/ulogd_filter_IP2HBIN.c +++ b/filter/ulogd_filter_IP2HBIN.c @@ -153,7 +153,7 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi) } /* Iter on all addr fields */ - for(i = START_KEY; i < MAX_KEY; i++) { + for(i = START_KEY; i <= MAX_KEY; i++) { if (pp_is_valid(inp, i)) { switch (convfamily) { case AF_INET: diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c index 66324b0..4d05368 100644 --- a/filter/ulogd_filter_IP2STR.c +++ b/filter/ulogd_filter_IP2STR.c @@ -137,7 +137,7 @@ static struct ulogd_key ip2str_keys[] = { }, }; -static char ipstr_array[MAX_KEY-START_KEY][IPADDR_LENGTH]; +static char ipstr_array[MAX_KEY - START_KEY + 1][IPADDR_LENGTH]; static int ip2str(struct ulogd_key *inp, int index, int oindex) { @@ -197,10 +197,10 @@ static int interp_ip2str(struct ulogd_pluginstance *pi) /* Iter on all addr fields */ for (i = START_KEY; i <= MAX_KEY; i++) { if (pp_is_valid(inp, i)) { - fret = ip2str(inp, i, i-START_KEY); + fret = ip2str(inp, i, i - START_KEY); if (fret != ULOGD_IRET_OK) return fret; - okey_set_ptr(&ret[i-START_KEY], + okey_set_ptr(&ret[i - START_KEY], ipstr_array[i-START_KEY]); } } |