From 72386012200a96f9bb721ab4ddb5a9325c68c5f7 Mon Sep 17 00:00:00 2001
From: Varsha Rao <rvarsha016@gmail.com>
Date: Wed, 20 Sep 2017 21:53:09 +0530
Subject: src: Buffer is null terminated.

In _snprintf() functions definition the buffer is null terminated.

Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/expr/bitwise.c   | 3 +++
 src/expr/byteorder.c | 3 +++
 src/expr/cmp.c       | 3 +++
 src/expr/counter.c   | 3 +++
 src/expr/ct.c        | 3 +++
 src/expr/data_reg.c  | 3 +++
 src/expr/dup.c       | 3 +++
 src/expr/dynset.c    | 2 ++
 src/expr/exthdr.c    | 3 +++
 src/expr/fib.c       | 3 +++
 src/expr/fwd.c       | 3 +++
 src/expr/hash.c      | 3 +++
 src/expr/immediate.c | 3 +++
 src/expr/limit.c     | 3 +++
 src/expr/log.c       | 3 +++
 src/expr/lookup.c    | 2 ++
 src/expr/masq.c      | 3 +++
 src/expr/match.c     | 3 +++
 src/expr/meta.c      | 3 +++
 src/expr/nat.c       | 3 +++
 src/expr/numgen.c    | 3 +++
 src/expr/objref.c    | 3 +++
 src/expr/payload.c   | 3 +++
 src/expr/queue.c     | 2 ++
 src/expr/quota.c     | 3 +++
 src/expr/range.c     | 3 +++
 src/expr/redir.c     | 3 +++
 src/expr/reject.c    | 3 +++
 src/expr/rt.c        | 3 +++
 src/expr/target.c    | 3 +++
 30 files changed, 87 insertions(+)

(limited to 'src/expr')

diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index a89734b..ff9ade4 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -257,6 +257,9 @@ static int
 nftnl_expr_bitwise_snprintf(char *buf, size_t size, uint32_t type,
 			    uint32_t flags, const struct nftnl_expr *e)
 {
+	if (size)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_bitwise_snprintf_default(buf, size, e);
diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
index 47c04cf..4bb95b4 100644
--- a/src/expr/byteorder.c
+++ b/src/expr/byteorder.c
@@ -272,6 +272,9 @@ static int
 nftnl_expr_byteorder_snprintf(char *buf, size_t size, uint32_t type,
 			      uint32_t flags, const struct nftnl_expr *e)
 {
+	if (size)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_byteorder_snprintf_default(buf, size, e);
diff --git a/src/expr/cmp.c b/src/expr/cmp.c
index b26d0eb..7bafaec 100644
--- a/src/expr/cmp.c
+++ b/src/expr/cmp.c
@@ -246,6 +246,9 @@ static int
 nftnl_expr_cmp_snprintf(char *buf, size_t size, uint32_t type,
 			uint32_t flags, const struct nftnl_expr *e)
 {
+	if (size)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_cmp_snprintf_default(buf, size, e);
diff --git a/src/expr/counter.c b/src/expr/counter.c
index 21901e8..5c196d4 100644
--- a/src/expr/counter.c
+++ b/src/expr/counter.c
@@ -164,6 +164,9 @@ static int nftnl_expr_counter_snprintf(char *buf, size_t len, uint32_t type,
 				       uint32_t flags,
 				       const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_counter_snprintf_default(buf, len, e);
diff --git a/src/expr/ct.c b/src/expr/ct.c
index 6f87a72..021a277 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -317,6 +317,9 @@ static int
 nftnl_expr_ct_snprintf(char *buf, size_t len, uint32_t type,
 		       uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_ct_snprintf_default(buf, len, e);
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index a246952..c925e20 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -194,6 +194,9 @@ int nftnl_data_reg_snprintf(char *buf, size_t size,
 			    uint32_t output_format, uint32_t flags,
 			    int reg_type)
 {
+	if (size)
+		buf[0] = '\0';
+
 	switch(reg_type) {
 	case DATA_VALUE:
 		switch(output_format) {
diff --git a/src/expr/dup.c b/src/expr/dup.c
index ed8e620..e2171f4 100644
--- a/src/expr/dup.c
+++ b/src/expr/dup.c
@@ -170,6 +170,9 @@ static int nftnl_expr_dup_snprintf_default(char *buf, size_t len,
 static int nftnl_expr_dup_snprintf(char *buf, size_t len, uint32_t type,
 				   uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_dup_snprintf_default(buf, len, e, flags);
diff --git a/src/expr/dynset.c b/src/expr/dynset.c
index 861879e..2755d49 100644
--- a/src/expr/dynset.c
+++ b/src/expr/dynset.c
@@ -314,6 +314,8 @@ static int
 nftnl_expr_dynset_snprintf(char *buf, size_t size, uint32_t type,
 			   uint32_t flags, const struct nftnl_expr *e)
 {
+	if (size)
+		buf[0] = '\0';
 
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 75cafbc..11766fa 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -339,6 +339,9 @@ static int
 nftnl_expr_exthdr_snprintf(char *buf, size_t len, uint32_t type,
 			   uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_exthdr_snprintf_default(buf, len, e);
diff --git a/src/expr/fib.c b/src/expr/fib.c
index b922b26..cbadeef 100644
--- a/src/expr/fib.c
+++ b/src/expr/fib.c
@@ -236,6 +236,9 @@ static int
 nftnl_expr_fib_snprintf(char *buf, size_t len, uint32_t type,
 			 uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_fib_snprintf_default(buf, len, e);
diff --git a/src/expr/fwd.c b/src/expr/fwd.c
index 1312ea1..38923df 100644
--- a/src/expr/fwd.c
+++ b/src/expr/fwd.c
@@ -147,6 +147,9 @@ static int nftnl_expr_fwd_snprintf_default(char *buf, size_t len,
 static int nftnl_expr_fwd_snprintf(char *buf, size_t len, uint32_t type,
 				   uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_fwd_snprintf_default(buf, len, e, flags);
diff --git a/src/expr/hash.c b/src/expr/hash.c
index fcc4fa5..066c790 100644
--- a/src/expr/hash.c
+++ b/src/expr/hash.c
@@ -288,6 +288,9 @@ static int
 nftnl_expr_hash_snprintf(char *buf, size_t len, uint32_t type,
 			 uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_hash_snprintf_default(buf, len, e);
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index b0570bd..aba84ea 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -262,6 +262,9 @@ static int
 nftnl_expr_immediate_snprintf(char *buf, size_t len, uint32_t type,
 			      uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch(type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_immediate_snprintf_default(buf, len, e, flags);
diff --git a/src/expr/limit.c b/src/expr/limit.c
index 856ab18..8e1f02a 100644
--- a/src/expr/limit.c
+++ b/src/expr/limit.c
@@ -243,6 +243,9 @@ static int
 nftnl_expr_limit_snprintf(char *buf, size_t len, uint32_t type,
 			  uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch(type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_limit_snprintf_default(buf, len, e);
diff --git a/src/expr/log.c b/src/expr/log.c
index 86d9651..161327b 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -301,6 +301,9 @@ static int
 nftnl_expr_log_snprintf(char *buf, size_t len, uint32_t type,
 			uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch(type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_log_snprintf_default(buf, len, e);
diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index e4c05ec..32220a3 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -242,6 +242,8 @@ static int
 nftnl_expr_lookup_snprintf(char *buf, size_t size, uint32_t type,
 			   uint32_t flags, const struct nftnl_expr *e)
 {
+	if (size)
+		buf[0] = '\0';
 
 	switch(type) {
 	case NFTNL_OUTPUT_DEFAULT:
diff --git a/src/expr/masq.c b/src/expr/masq.c
index 7c235d3..1c75ee9 100644
--- a/src/expr/masq.c
+++ b/src/expr/masq.c
@@ -190,6 +190,9 @@ static int nftnl_expr_masq_snprintf_default(char *buf, size_t len,
 static int nftnl_expr_masq_snprintf(char *buf, size_t len, uint32_t type,
 				    uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_masq_snprintf_default(buf, len, e);
diff --git a/src/expr/match.c b/src/expr/match.c
index dd09e1e..af659b3 100644
--- a/src/expr/match.c
+++ b/src/expr/match.c
@@ -200,6 +200,9 @@ nftnl_expr_match_snprintf(char *buf, size_t len, uint32_t type,
 {
 	struct nftnl_expr_match *match = nftnl_expr_data(e);
 
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return snprintf(buf, len, "name %s rev %u ",
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 2c75841..b5c27e6 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -252,6 +252,9 @@ static int
 nftnl_expr_meta_snprintf(char *buf, size_t len, uint32_t type,
 			 uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_meta_snprintf_default(buf, len, e);
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 9271303..350633f 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -339,6 +339,9 @@ static int
 nftnl_expr_nat_snprintf(char *buf, size_t size, uint32_t type,
 			uint32_t flags, const struct nftnl_expr *e)
 {
+	if (size)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_nat_snprintf_default(buf, size, e);
diff --git a/src/expr/numgen.c b/src/expr/numgen.c
index 1369b01..9b5b1b7 100644
--- a/src/expr/numgen.c
+++ b/src/expr/numgen.c
@@ -224,6 +224,9 @@ static int
 nftnl_expr_ng_snprintf(char *buf, size_t len, uint32_t type,
 		       uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_ng_snprintf_default(buf, len, e);
diff --git a/src/expr/objref.c b/src/expr/objref.c
index 4cfa3cb..b4b3383 100644
--- a/src/expr/objref.c
+++ b/src/expr/objref.c
@@ -236,6 +236,9 @@ static int nftnl_expr_objref_snprintf(char *buf, size_t len, uint32_t type,
 				      uint32_t flags,
 				      const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_objref_snprintf_default(buf, len, e);
diff --git a/src/expr/payload.c b/src/expr/payload.c
index 91e1587..897fc77 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -290,6 +290,9 @@ nftnl_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
 {
 	struct nftnl_expr_payload *payload = nftnl_expr_data(e);
 
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		if (payload->sreg)
diff --git a/src/expr/queue.c b/src/expr/queue.c
index f62db9f..e0fb785 100644
--- a/src/expr/queue.c
+++ b/src/expr/queue.c
@@ -235,6 +235,8 @@ static int
 nftnl_expr_queue_snprintf(char *buf, size_t len, uint32_t type,
 			  uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
 
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
diff --git a/src/expr/quota.c b/src/expr/quota.c
index 667e6e1..c247b0a 100644
--- a/src/expr/quota.c
+++ b/src/expr/quota.c
@@ -183,6 +183,9 @@ static int nftnl_expr_quota_snprintf(char *buf, size_t len, uint32_t type,
 				       uint32_t flags,
 				       const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_quota_snprintf_default(buf, len, e);
diff --git a/src/expr/range.c b/src/expr/range.c
index b2789ff..c7bb7c7 100644
--- a/src/expr/range.c
+++ b/src/expr/range.c
@@ -263,6 +263,9 @@ static int nftnl_expr_range_snprintf_default(char *buf, size_t size,
 static int nftnl_expr_range_snprintf(char *buf, size_t size, uint32_t type,
 				     uint32_t flags, const struct nftnl_expr *e)
 {
+	if (size)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_range_snprintf_default(buf, size, e);
diff --git a/src/expr/redir.c b/src/expr/redir.c
index b2aa345..9fb634a 100644
--- a/src/expr/redir.c
+++ b/src/expr/redir.c
@@ -204,6 +204,9 @@ static int
 nftnl_expr_redir_snprintf(char *buf, size_t len, uint32_t type,
 			  uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_redir_snprintf_default(buf, len, e);
diff --git a/src/expr/reject.c b/src/expr/reject.c
index 11d8b20..1e6fdf5 100644
--- a/src/expr/reject.c
+++ b/src/expr/reject.c
@@ -164,6 +164,9 @@ static int
 nftnl_expr_reject_snprintf(char *buf, size_t len, uint32_t type,
 			   uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_reject_snprintf_default(buf, len, e);
diff --git a/src/expr/rt.c b/src/expr/rt.c
index 62c01a0..10cb1e2 100644
--- a/src/expr/rt.c
+++ b/src/expr/rt.c
@@ -203,6 +203,9 @@ static int
 nftnl_expr_rt_snprintf(char *buf, size_t len, uint32_t type,
 		       uint32_t flags, const struct nftnl_expr *e)
 {
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return nftnl_expr_rt_snprintf_default(buf, len, e);
diff --git a/src/expr/target.c b/src/expr/target.c
index ed4bf7d..3c58b03 100644
--- a/src/expr/target.c
+++ b/src/expr/target.c
@@ -200,6 +200,9 @@ nftnl_expr_target_snprintf(char *buf, size_t len, uint32_t type,
 {
 	struct nftnl_expr_target *target = nftnl_expr_data(e);
 
+	if (len)
+		buf[0] = '\0';
+
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		return snprintf(buf, len, "name %s rev %u ",
-- 
cgit v1.2.3