summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-09-19 15:16:51 +0200
committerFlorian Westphal <fw@strlen.de>2018-09-24 11:24:02 +0200
commit749d3c2ecd6a9dc21f5a442c44495cb705621dff (patch)
tree6d1198c5a2d5ac1020ef324313af98da18fb5718
parent8e798e050367dfe43bb958f11dd3170b03bda49e (diff)
libxt_ipvs: Avoid potential buffer overrun
Just like with libxt_conntrack, get rid of the temporary buffer. The comment even states that it was copied from there, so just make them identical again. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r--extensions/libxt_ipvs.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c
index 46727660..a6c57a03 100644
--- a/extensions/libxt_ipvs.c
+++ b/extensions/libxt_ipvs.c
@@ -126,19 +126,19 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
const union nf_inet_addr *mask,
unsigned int family, bool numeric)
{
- char buf[BUFSIZ];
-
if (family == NFPROTO_IPV4) {
if (!numeric && addr->ip == 0) {
printf(" anywhere");
return;
}
if (numeric)
- strcpy(buf, xtables_ipaddr_to_numeric(&addr->in));
+ printf(" %s%s",
+ xtables_ipaddr_to_numeric(&addr->in),
+ xtables_ipmask_to_numeric(&mask->in));
else
- strcpy(buf, xtables_ipaddr_to_anyname(&addr->in));
- strcat(buf, xtables_ipmask_to_numeric(&mask->in));
- printf(" %s", buf);
+ printf(" %s%s",
+ xtables_ipaddr_to_anyname(&addr->in),
+ xtables_ipmask_to_numeric(&mask->in));
} else if (family == NFPROTO_IPV6) {
if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
addr->ip6[2] == 0 && addr->ip6[3] == 0) {
@@ -146,11 +146,13 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
return;
}
if (numeric)
- strcpy(buf, xtables_ip6addr_to_numeric(&addr->in6));
+ printf(" %s%s",
+ xtables_ip6addr_to_numeric(&addr->in6),
+ xtables_ip6mask_to_numeric(&mask->in6));
else
- strcpy(buf, xtables_ip6addr_to_anyname(&addr->in6));
- strcat(buf, xtables_ip6mask_to_numeric(&mask->in6));
- printf(" %s", buf);
+ printf(" %s%s",
+ xtables_ip6addr_to_anyname(&addr->in6),
+ xtables_ip6mask_to_numeric(&mask->in6));
}
}