diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2022-12-03 19:02:10 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-12-08 21:48:51 +0100 |
commit | 49f6def6fcbaf01f395fbe00543a9ab2c4bb106e (patch) | |
tree | a277e81f7eccb44372af276556a103f09d3d7691 /filter/ulogd_filter_HWHDR.c | |
parent | 28e6eacfa96f729fce69f003ae16b96ad8503404 (diff) |
filter: fix buffer sizes in filter plug-ins
Three of the filter plug-ins define arrays to hold output key values.
The arrays are sized based on the values of enums. For example:
enum output_keys {
KEY_MAC_TYPE,
KEY_MAC_PROTOCOL,
KEY_MAC_SADDR,
START_KEY = KEY_MAC_SADDR,
KEY_MAC_DADDR,
KEY_MAC_ADDR,
MAX_KEY = KEY_MAC_ADDR,
};
static char hwmac_str[MAX_KEY - START_KEY][HWADDR_LENGTH];
The arrays are indexed by subtracting `START_KEY` from the enum value of
the key currently being processed: `hwmac_str[okey - START_KEY]`.
However, this means that the last key (`KEY_MAC_ADDR` in this example)
will run off the end of the array. Increase the size of the arrays.
In the case of `IP2BIN` and `IP2HBIN`, there is no overrun, but only
because they use the wrong upper bound when looping over the keys, and
thus don't assign a value to the last key. Correct the bound.
Also some small white-space tweaks.
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=890
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'filter/ulogd_filter_HWHDR.c')
-rw-r--r-- | filter/ulogd_filter_HWHDR.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/filter/ulogd_filter_HWHDR.c b/filter/ulogd_filter_HWHDR.c index bbca5e9..a5ee60d 100644 --- a/filter/ulogd_filter_HWHDR.c +++ b/filter/ulogd_filter_HWHDR.c @@ -109,7 +109,7 @@ static struct ulogd_key mac2str_keys[] = { }, }; -static char hwmac_str[MAX_KEY - START_KEY][HWADDR_LENGTH]; +static char hwmac_str[MAX_KEY - START_KEY + 1][HWADDR_LENGTH]; static int parse_mac2str(struct ulogd_key *ret, unsigned char *mac, int okey, int len) @@ -126,7 +126,7 @@ static int parse_mac2str(struct ulogd_key *ret, unsigned char *mac, buf_cur = hwmac_str[okey - START_KEY]; for (i = 0; i < len; i++) buf_cur += sprintf(buf_cur, "%02x%c", mac[i], - i == len - 1 ? 0 : ':'); + i == len - 1 ? 0 : ':'); okey_set_ptr(&ret[okey], hwmac_str[okey - START_KEY]); |