[iptables,5/6] xtables-translate: Guard strcpy() call in xlate_ifname()
diff mbox series

Message ID 20191206114711.6015-6-phil@nwl.cc
State Accepted
Delegated to: Pablo Neira
Headers show
Series
  • A series of covscan-indicated fixes
Related show

Commit Message

Phil Sutter Dec. 6, 2019, 11:47 a.m. UTC
The function potentially fed overlong strings to strcpy(). Given that
everything needed to avoid this is there, reorder code a bit to prevent
those inputs, too.

Fixes: 0ddd663e9c167 ("iptables-translate: add in/out ifname wildcard match translation to nft")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/xtables-translate.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Patch
diff mbox series

diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index a42c60a3b64c6..77a186b905d73 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -32,14 +32,13 @@ 
 void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname,
 		  bool invert)
 {
+	int ifaclen = strlen(ifname);
 	char iface[IFNAMSIZ];
-	int ifaclen;
 
-	if (ifname[0] == '\0')
+	if (ifaclen < 1 || ifaclen >= IFNAMSIZ)
 		return;
 
 	strcpy(iface, ifname);
-	ifaclen = strlen(iface);
 	if (iface[ifaclen - 1] == '+')
 		iface[ifaclen - 1] = '*';