diff mbox series

[iptables] extensions: format-security fixes in libip[6]t_icmp

Message ID 20181114063528.GA3617@adamg.eu
State Accepted
Delegated to: Pablo Neira
Headers show
Series [iptables] extensions: format-security fixes in libip[6]t_icmp | expand

Commit Message

Adam Gołębiowski Nov. 14, 2018, 6:35 a.m. UTC 
commit 61d6c3834de32c0ff5808c93da94b2b30b4791c8 introduced support
for gcc feature to check format string against passed argument.
This commit adds missing bits to extenstions's libipt_icmp.c and
libip6t_icmp6.c that were causing build to fail.

Signed-off-by: Adam Gołębiowski <adamg@pld-linux.org>
---
 extensions/libip6t_icmp6.c | 4 ++--
 extensions/libipt_icmp.c   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Pablo Neira Ayuso Nov. 14, 2018, 10 a.m. UTC | #1 
On Wed, Nov 14, 2018 at 07:35:28AM +0100, Adam Gołębiowski wrote:
> commit 61d6c3834de32c0ff5808c93da94b2b30b4791c8 introduced support
> for gcc feature to check format string against passed argument.
> This commit adds missing bits to extenstions's libipt_icmp.c and
> libip6t_icmp6.c that were causing build to fail.

Applied, thanks.
diff mbox series

Patch

diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index 45a71875..cc7bfaeb 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -230,7 +230,7 @@  static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
 	type_name = icmp6_type_xlate(icmptype);
 
 	if (type_name) {
-		xt_xlate_add(xl, type_name);
+		xt_xlate_add(xl, "%s", type_name);
 	} else {
 		for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
 			if (icmpv6_codes[i].type == icmptype &&
@@ -239,7 +239,7 @@  static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
 				break;
 
 		if (i != ARRAY_SIZE(icmpv6_codes))
-			xt_xlate_add(xl, icmpv6_codes[i].name);
+			xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
 		else
 			return 0;
 	}
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index 54189976..e76257c5 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -236,7 +236,7 @@  static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
 			if (icmp_codes[i].type == icmptype &&
 			    icmp_codes[i].code_min == code_min &&
 			    icmp_codes[i].code_max == code_max) {
-				xt_xlate_add(xl, icmp_codes[i].name);
+				xt_xlate_add(xl, "%s", icmp_codes[i].name);
 				return 1;
 			}
 	}