diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2021-11-30 10:55:46 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-12-06 22:34:39 +0100 |
commit | 03e67f2e3a3e87fbbe286d5a67085015e6007329 (patch) | |
tree | 6bc710d27e533426684406f2116a33e44de5d3bf /output | |
parent | 6709f6b52cdd63d2c9b246b7fc6bfb57c4f18e00 (diff) |
output: SQLITE3: fix possible buffer overruns
There is a an off-by-one error in the size of some of the buffers used
to hold key-names. The maximum length of a name is `ULOGD_MAX_KEYLEN`,
and so declare the buffers with size `ULOGD_MAX_KEYLEN + 1`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'output')
-rw-r--r-- | output/sqlite3/ulogd_output_SQLITE3.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/output/sqlite3/ulogd_output_SQLITE3.c b/output/sqlite3/ulogd_output_SQLITE3.c index 20ceb3b..554b1b3 100644 --- a/output/sqlite3/ulogd_output_SQLITE3.c +++ b/output/sqlite3/ulogd_output_SQLITE3.c @@ -48,7 +48,7 @@ struct field { TAILQ_ENTRY(field) link; - char name[ULOGD_MAX_KEYLEN]; + char name[ULOGD_MAX_KEYLEN + 1]; struct ulogd_key *key; }; @@ -214,7 +214,7 @@ sqlite3_createstmt(struct ulogd_pluginstance *pi) { struct sqlite3_priv *priv = (void *)pi->private; struct field *f; - char buf[ULOGD_MAX_KEYLEN]; + char buf[ULOGD_MAX_KEYLEN + 1]; char *underscore; char *stmt_pos; int i, cols = 0; @@ -305,7 +305,7 @@ static int sqlite3_init_db(struct ulogd_pluginstance *pi) { struct sqlite3_priv *priv = (void *)pi->private; - char buf[ULOGD_MAX_KEYLEN]; + char buf[ULOGD_MAX_KEYLEN + 1]; char *underscore; struct field *f; sqlite3_stmt *schema_stmt; |