[nftables,1/2] datatype: fix missing nul-terminator in string_type_print

Submitted by Pablo Neira on Nov. 24, 2013, 11:05 p.m.

Details

Message ID 1385334329-3969-1-git-send-email-pablo@netfilter.org
State Accepted
Headers show

Commit Message

Pablo Neira Nov. 24, 2013, 11:05 p.m.
Thomas Berger reported that he is seeing garbage after some
valid string values, eg.

fwtest01 ~ # nft -i
nft> table filter
nft> add chain filter input
nft> add rule filter input meta iifname "lo" accept
nft> list table filter
table ip filter {
        chain input {
                 meta iifname "lo�.�" accept
        }
...

The buffer that the string datatype was allocating did not include
room for the nul-terminator. This patch fixes bugzilla report #872:

https://bugzilla.netfilter.org/show_bug.cgi?id=872

Reported-by: Thomas Berger <loki@lokis-chaos.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/datatype.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/src/datatype.c b/src/datatype.c
index 4c5a70f..2e5788d 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -256,9 +256,10 @@  const struct datatype integer_type = {
 static void string_type_print(const struct expr *expr)
 {
 	unsigned int len = div_round_up(expr->len, BITS_PER_BYTE);
-	char data[len];
+	char data[len+1];
 
 	mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len);
+	data[len] = '\0';
 	printf("\"%s\"", data);
 }