From patchwork Fri May 17 08:39:15 2013
X-Patchwork-Submitter: Chen Gang
X-Patchwork-Id: 244532
Message-ID: <5195ECB3.5000006@asianux.com>
Date: Fri, 17 May 2013 16:39:15 +0800
From: Chen Gang User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: pablo@netfilter.org, kaber@trash.net, kuznet@ms2.inr.ac.ru, jmorris@namei.org, yoshfuji@linux-ipv6.org CC: David Miller , netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org, coreteam@netfilter.org, netdev Subject: [PATCH] ipv4: netfilter: always let NUL terminated string ended by '\0' Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org For NUL terminated string, better always be sure of ended by '\0'. 'pm' is 'struct ulog_packet_msg_t' which may be copied to user mode (defined in "include/uapi/..."), so can not use strlcpy() instead of. Signed-off-by: Chen Gang --- net/ipv4/netfilter/ipt_ULOG.c | 27 ++++++++++++++++----------- 1 files changed, 16 insertions(+), 11 deletions(-) diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index f8a222cb..4a93382 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c @@ -231,11 +231,13 @@ static void ipt_ulog_packet(unsigned int hooknum, put_unaligned(tv.tv_usec, &pm->timestamp_usec); put_unaligned(skb->mark, &pm->mark); pm->hook = hooknum; - if (prefix != NULL) - strncpy(pm->prefix, prefix, sizeof(pm->prefix)); - else if (loginfo->prefix[0] != '\0') - strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix)); - else + if (prefix != NULL) { + strncpy(pm->prefix, prefix, sizeof(pm->prefix) - 1); + pm->prefix[sizeof(pm->prefix) - 1] = '\0'; + } else if (loginfo->prefix[0] != '\0') { + strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix) - 1); + pm->prefix[sizeof(pm->prefix) - 1] = '\0'; + } else *(pm->prefix) = '\0'; if (in && in->hard_header_len > 0 && 
@@ -246,14 +248,17 @@ static void ipt_ulog_packet(unsigned int hooknum, } else pm->mac_len = 0; - if (in) - strncpy(pm->indev_name, in->name, sizeof(pm->indev_name)); - else + if (in) { + strncpy(pm->indev_name, in->name, sizeof(pm->indev_name) - 1); + pm->indev_name[sizeof(pm->indev_name) - 1] = '\0'; + } else pm->indev_name[0] = '\0'; - if (out) - strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name)); - else + if (out) { + strncpy(pm->outdev_name, out->name, + sizeof(pm->outdev_name) - 1); + pm->outdev_name[sizeof(pm->outdev_name) - 1] = '\0'; + } else pm->outdev_name[0] = '\0'; /* copy_len <= skb->len, so can't fail. */
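
Review bot: In the first hunk (@@ -231), the two new branches repeat the same strncpy()-plus-terminator pair and differ only in the source pointer, and the final `} else *(pm->prefix) = '\0';` stays unbraced beside two braced branches. Select the source first (prefix, or loginfo->prefix when it is non-empty), do one bounded copy with one terminator write, and brace the remaining else arm to match. The commit message would also be clearer if it gave the reason strlcpy() is unsuitable here: strncpy() zero-fills the rest of pm->prefix before the struct is copied to user mode, and strlcpy() does not.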
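
Review bot: In the second hunk (@@ -246), the else arms `pm->indev_name[0] = '\0';` and `pm->outdev_name[0] = '\0';` write only the first byte, while the strncpy() arms fill the whole field. Since the commit message says pm may be copied to user mode, please confirm that the remaining bytes of both name fields are already initialized on the else path, or clear the full field there. Both else arms also need braces now that their if arms have them.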