From 49f6def6fcbaf01f395fbe00543a9ab2c4bb106e Mon Sep 17 00:00:00 2001 From: Jeremy Sowden Date: Sat, 3 Dec 2022 19:02:10 +0000 Subject: filter: fix buffer sizes in filter plug-ins Three of the filter plug-ins define arrays to hold output key values. The arrays are sized based on the values of enums. For example: enum output_keys { KEY_MAC_TYPE, KEY_MAC_PROTOCOL, KEY_MAC_SADDR, START_KEY = KEY_MAC_SADDR, KEY_MAC_DADDR, KEY_MAC_ADDR, MAX_KEY = KEY_MAC_ADDR, }; static char hwmac_str[MAX_KEY - START_KEY][HWADDR_LENGTH]; The arrays are indexed by subtracting `START_KEY` from the enum value of the key currently being processed: `hwmac_str[okey - START_KEY]`. However, this means that the last key (`KEY_MAC_ADDR` in this example) will run off the end of the array. Increase the size of the arrays. In the case of `IP2BIN` and `IP2HBIN`, there is no overrun, but only because they use the wrong upper bound when looping over the keys, and thus don't assign a value to the last key. Correct the bound. Also some small white-space tweaks. Link: https://bugzilla.netfilter.org/show_bug.cgi?id=890 Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso --- filter/ulogd_filter_IP2STR.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'filter/ulogd_filter_IP2STR.c') diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c index 66324b0..4d05368 100644 --- a/filter/ulogd_filter_IP2STR.c +++ b/filter/ulogd_filter_IP2STR.c @@ -137,7 +137,7 @@ static struct ulogd_key ip2str_keys[] = { }, }; -static char ipstr_array[MAX_KEY-START_KEY][IPADDR_LENGTH]; +static char ipstr_array[MAX_KEY - START_KEY + 1][IPADDR_LENGTH]; static int ip2str(struct ulogd_key *inp, int index, int oindex) { 
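Review bot: Nothing at the `ipstr_array` declaration records that `MAX_KEY` is the last valid key rather than a count, which is the misreading that left the array one row short and let the final key write past its end. The array dimension and the `i <= MAX_KEY` loop in `interp_ip2str` are still two separate expressions that have to agree by convention. I would name the count once, e.g. `#define IP2STR_NKEYS (MAX_KEY - START_KEY + 1)`, declare `static char ipstr_array[IP2STR_NKEYS][IPADDR_LENGTH];`, and add the comment `/* one row per key in [START_KEY, MAX_KEY], both inclusive */`. `ip2str()` takes `oindex` from its caller and presumably uses it to index `ipstr_array`; its body starts at the end of this hunk and continues outside it, so whether the index is range-checked there cannot be seen here.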
@@ -197,10 +197,10 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
 /* Iter on all addr fields */
 for (i = START_KEY; i <= MAX_KEY; i++) {
 if (pp_is_valid(inp, i)) {
- fret = ip2str(inp, i, i-START_KEY);
+ fret = ip2str(inp, i, i - START_KEY);
 if (fret != ULOGD_IRET_OK)
 return fret;
- okey_set_ptr(&ret[i-START_KEY],
+ okey_set_ptr(&ret[i - START_KEY],
 ipstr_array[i-START_KEY]);
 }
 }
-- 
cgit v1.2.3