Patchwork [libnftables,1/3] nat: xml: fix xml_snprintf buffer offset

login
register
mail settings
Submitter Arturo Borrero
Date June 15, 2013, 1:16 a.m.
Message ID <20130615011603.3778.67261.stgit@nfdev.cica.es>
Download mbox | patch
Permalink /patch/251566/
State Accepted
Delegated to: Pablo Neira
Headers show

Comments

Arturo Borrero - June 15, 2013, 1:16 a.m.
This patch fix the buffer offset of the nat snprintf function,
so elements are properly printed.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/nat.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira - June 17, 2013, 7:28 p.m.
On Sat, Jun 15, 2013 at 03:16:03AM +0200, Arturo Borrero wrote:
> This patch fix the buffer offset of the nat snprintf function,
> so elements are properly printed.

Applied, thanks.

I would like to have more XML test in this tree.

Instead of the current .sh scripts, we should have a large list of
.xml files under libnftables/test/ with the different compositions
that we support.

Then, you can make a script that iterates over the list of existing
.xml files in that directory and it stops if the test fails.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/src/expr/nat.c b/src/expr/nat.c
index a76f5b5..448d2e3 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -336,19 +336,21 @@  nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
 		break;
 	}
 
-	ret = snprintf(buf, len, "<family>%s</family>",
+	ret = snprintf(buf+offset, len, "<family>%s</family>",
 		       nat->family == AF_INET ? "AF_INET" : "AF_INET6");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
-		ret = snprintf(buf, len, "<sreg_addr_min_v4>%u</sreg_addr_min_v4>"
-				" <sreg_addr_max_v4>%u</sreg_addr_max_v4> ",
+		ret = snprintf(buf+offset, len,
+				"<sreg_addr_min_v4>%u</sreg_addr_min_v4>"
+				"<sreg_addr_max_v4>%u</sreg_addr_max_v4>",
 			       nat->sreg_addr_min, nat->sreg_addr_max);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
 	if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) {
-		ret = snprintf(buf, len, "<sreg_proto_min>%u</sreg_proto_min>"
+		ret = snprintf(buf+offset, len,
+				"<sreg_proto_min>%u</sreg_proto_min>"
 				"<sreg_proto_max>%u</sreg_proto_max>",
 		       nat->sreg_proto_min, nat->sreg_proto_max);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);