summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2013-11-24 19:49:15 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2013-11-25 00:15:06 +0100
commit99af859adcf8b8d44ac8a2202467f4b7b4987e3f (patch)
tree61f7ae4bb3f382ee140b317893cc4949bb6e39c1 /src
parenta6931ebc4742476ce3098d74e4ece263c65ae142 (diff)
datatype: fix missing nul-terminated string in string_type_print
Thomas Berger reported that he is seeing garbage after valid string values, eg. fwtest01 ~ # nft -i nft> table filter nft> add chain filter input nft> add rule filter input meta iifname "lo" accept nft> list table filter table ip filter { chain input { meta iifname "lo�.�" accept } ... The buffer that is allocated in the stack does not include room to nul-terminate the string accordingly. This patch fixes bugzilla report #872: https://bugzilla.netfilter.org/show_bug.cgi?id=872 Reported-by: Thomas Berger <loki@lokis-chaos.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/datatype.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/datatype.c b/src/datatype.c
index 4c5a70f2..2e5788dc 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -256,9 +256,10 @@ const struct datatype integer_type = {
static void string_type_print(const struct expr *expr)
{
unsigned int len = div_round_up(expr->len, BITS_PER_BYTE);
- char data[len];
+ char data[len+1];
mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len);
+ data[len] = '\0';
printf("\"%s\"", data);
}