From 99af859adcf8b8d44ac8a2202467f4b7b4987e3f Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 24 Nov 2013 19:49:15 +0100 Subject: datatype: fix missing nul-terminated string in string_type_print MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Thomas Berger reported that he is seeing garbage after valid string values, eg. fwtest01 ~ # nft -i nft> table filter nft> add chain filter input nft> add rule filter input meta iifname "lo" accept nft> list table filter table ip filter { chain input { meta iifname "lo�.�" accept } ... The buffer that is allocated in the stack does not include room to nul-terminate the string accordingly. This patch fixes bugzilla report #872: https://bugzilla.netfilter.org/show_bug.cgi?id=872 Reported-by: Thomas Berger Signed-off-by: Pablo Neira Ayuso --- src/datatype.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src')
diff --git a/src/datatype.c b/src/datatype.c
index 4c5a70f2..2e5788dc 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -256,9 +256,10 @@ const struct datatype integer_type = {
 static void string_type_print(const struct expr *expr)
 {
 unsigned int len = div_round_up(expr->len, BITS_PER_BYTE);
- char data[len];
+ char data[len+1];
 mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len);
+ data[len] = '\0';
 printf("\"%s\"", data);
 }
-- cgit v1.2.3
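Review bot: `char data[len+1]` in string_type_print is still a variable-length array on the stack whose size is derived from `expr->len`, and nothing in the hunk bounds it; if the expression length is not capped elsewhere (not visible here), an oversized value would exhaust the stack rather than fail cleanly. Consider asserting an upper bound on `len` before the declaration, or using a heap buffer with a checked allocation. A short comment on the terminator line, e.g. `/* mpz_export_data() fills exactly len bytes and does not nul-terminate */`, would keep the reason for the extra byte next to the code. Separately, `printf("\"%s\"", data)` writes the bytes unescaped, so an embedded quote or control character in the value would appear raw in the listing output; escaping non-printable bytes here would make the output safer to display and to re-parse.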