From 749d3c2ecd6a9dc21f5a442c44495cb705621dff Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 19 Sep 2018 15:16:51 +0200
Subject: libxt_ipvs: Avoid potential buffer overrun

Just like with libxt_conntrack, get rid of the temporary buffer. The comment even states that it was copied from there, so just make them identical again.

Signed-off-by: Phil Sutter
Signed-off-by: Florian Westphal
---
extensions/libxt_ipvs.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c
index 46727660..a6c57a03 100644
--- a/extensions/libxt_ipvs.c
+++ b/extensions/libxt_ipvs.c
@@ -126,19 +126,19 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
 const union nf_inet_addr *mask,
 unsigned int family, bool numeric)
 {
- char buf[BUFSIZ];
-
 if (family == NFPROTO_IPV4) {
 if (!numeric && addr->ip == 0) {
 printf(" anywhere");
 return;
 }
 if (numeric)
- strcpy(buf, xtables_ipaddr_to_numeric(&addr->in));
+ printf(" %s%s",
+ xtables_ipaddr_to_numeric(&addr->in),
+ xtables_ipmask_to_numeric(&mask->in));
 else
- strcpy(buf, xtables_ipaddr_to_anyname(&addr->in));
- strcat(buf, xtables_ipmask_to_numeric(&mask->in));
- printf(" %s", buf);
+ printf(" %s%s",
+ xtables_ipaddr_to_anyname(&addr->in),
+ xtables_ipmask_to_numeric(&mask->in));
 } else if (family == NFPROTO_IPV6) {
 if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
 addr->ip6[2] == 0 && addr->ip6[3] == 0) {
@@ -146,11 +146,13 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
 return;
 }
 if (numeric)
- strcpy(buf, xtables_ip6addr_to_numeric(&addr->in6));
+ printf(" %s%s",
+ xtables_ip6addr_to_numeric(&addr->in6),
+ xtables_ip6mask_to_numeric(&mask->in6));
 else
- strcpy(buf, xtables_ip6addr_to_anyname(&addr->in6));
- strcat(buf, xtables_ip6mask_to_numeric(&mask->in6));
- printf(" %s", buf);
+ printf(" %s%s",
+ xtables_ip6addr_to_anyname(&addr->in6),
+ xtables_ip6mask_to_numeric(&mask->in6));
 }
 }
--
cgit v1.2.3
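Review bot: Both arguments of each new `printf(" %s%s", ...)` come from helpers that return a `const char *` without taking a caller buffer, and C leaves the order in which the two calls are evaluated unspecified. If the mask helpers format through the same static storage as the address helpers (their definitions are not part of this diff, so this needs checking in libxtables), the address string can be overwritten before printf reads it and the rule would be listed with the wrong address; the removed strcpy/strcat sequence copied the first result before making the second call. Splitting the output keeps that ordering without bringing the buffer back: `printf(" %s", xtables_ipaddr_to_numeric(&addr->in));` followed by `printf("%s", xtables_ipmask_to_numeric(&mask->in));`. The same applies to the anyname branch and to both IPv6 calls in the second hunk. The signature of ipvs_mt_dump_addr is visible only in the hunk headers, and one line of the function lies between the two hunks.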