diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-11-24 19:49:15 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-11-25 00:15:06 +0100 |
commit | 99af859adcf8b8d44ac8a2202467f4b7b4987e3f (patch) | |
tree | 61f7ae4bb3f382ee140b317893cc4949bb6e39c1 | |
parent | a6931ebc4742476ce3098d74e4ece263c65ae142 (diff) |
datatype: fix missing nul-terminated string in string_type_print
Thomas Berger reported that he is seeing garbage after valid string
values, eg.
fwtest01 ~ # nft -i
nft> table filter
nft> add chain filter input
nft> add rule filter input meta iifname "lo" accept
nft> list table filter
table ip filter {
chain input {
meta iifname "lo�.�" accept
}
...
The buffer that is allocated in the stack does not include room to
nul-terminate the string accordingly. This patch fixes bugzilla
report #872:
https://bugzilla.netfilter.org/show_bug.cgi?id=872
Reported-by: Thomas Berger <loki@lokis-chaos.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/datatype.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/datatype.c b/src/datatype.c index 4c5a70f2..2e5788dc 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -256,9 +256,10 @@ const struct datatype integer_type = { static void string_type_print(const struct expr *expr) { unsigned int len = div_round_up(expr->len, BITS_PER_BYTE); - char data[len]; + char data[len+1]; mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len); + data[len] = '\0'; printf("\"%s\"", data); } |