authorPhil Sutter <phil@nwl.cc>2019-12-05 16:01:29 +0100
committerPhil Sutter <phil@nwl.cc>2019-12-06 12:12:08 +0100
commit2861bdbbf062071487a49103513d129ce40e2652 (patch)
tree2625edf1dd86f40ae0361d1e0a5461beb3a64e8d /iptables/xtables-translate.c
parentf7d3dbb82e7ed94ccbf10cf70a3c7b3f3aaef1a1 (diff)
xtables-translate: Guard strcpy() call in xlate_ifname()
The function potentially fed overlong strings to strcpy(). Given that everything needed to avoid this is there, reorder code a bit to prevent those inputs, too. Fixes: 0ddd663e9c167 ("iptables-translate: add in/out ifname wildcard match translation to nft")
Diffstat (limited to 'iptables/xtables-translate.c')
-rw-r--r--iptables/xtables-translate.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index a42c60a3..77a186b9 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -32,14 +32,13 @@
void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname,
bool invert)
{
+ int ifaclen = strlen(ifname);
char iface[IFNAMSIZ];
- int ifaclen;
- if (ifname[0] == '\0')
+ if (ifaclen < 1 || ifaclen >= IFNAMSIZ)
return;
strcpy(iface, ifname);
- ifaclen = strlen(iface);
if (iface[ifaclen - 1] == '+')
iface[ifaclen - 1] = '*';
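Review bot: `int ifaclen = strlen(ifname);` narrows a size_t to int before the bounds check, so for a string longer than INT_MAX the converted value is implementation-defined and could fall inside 1..IFNAMSIZ-1, letting the strcpy() below the guard run on an overlong input after all. Keeping the length unsigned closes that gap: `size_t ifaclen = strlen(ifname);` with `if (ifaclen == 0 || ifaclen >= IFNAMSIZ)`. Separately, an overlong name now returns without emitting anything, which presumably leaves the translated rule without its interface match and therefore broader than the original; a warning, or a comment stating why callers can never pass such a name, would help. The body of xlate_ifname() continues past the end of this hunk, so how iface is used afterwards is not visible here.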