From patchwork Wed Jun 2 15:23:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1486763 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4FwCVk5CrTz9sCD for ; Thu, 3 Jun 2021 01:24:14 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231204AbhFBPZ4 (ORCPT ); Wed, 2 Jun 2021 11:25:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51424 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231286AbhFBPZ4 (ORCPT ); Wed, 2 Jun 2021 11:25:56 -0400 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 83F10C061574 for ; Wed, 2 Jun 2021 08:24:13 -0700 (PDT) Received: from localhost ([::1]:43086 helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1loSj5-0007OA-Sx; Wed, 02 Jun 2021 17:24:11 +0200 
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 1/9] libxtables: Drop leftover variable in xtables_numeric_to_ip6addr() Date: Wed, 2 Jun 2021 17:23:55 +0200 Message-Id: <20210602152403.5689-2-phil@nwl.cc> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210602152403.5689-1-phil@nwl.cc> References: <20210602152403.5689-1-phil@nwl.cc> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Variable 'err' was only used in removed debug code, so drop it as well. Fixes: 7f526c9373c17 ("libxtables: xtables: remove unnecessary debug code") Signed-off-by: Phil Sutter --- libxtables/xtables.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libxtables/xtables.c b/libxtables/xtables.c index e6edfb5b49464..82815cae70576 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c 
@@ -1808,9 +1808,8 @@ const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp) struct in6_addr *xtables_numeric_to_ip6addr(const char *num) { static struct in6_addr ap; - int err; - if ((err = inet_pton(AF_INET6, num, &ap)) == 1) + if (inet_pton(AF_INET6, num, &ap) == 1) return ≈ return NULL; From patchwork Wed Jun 2 15:23:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1486765 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4FwCVx6YDkz9sCD for ; Thu, 3 Jun 2021 01:24:25 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231773AbhFBP0I (ORCPT ); Wed, 2 Jun 2021 11:26:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51476 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231286AbhFBP0H (ORCPT ); Wed, 2 Jun 2021 11:26:07 -0400 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 56D5DC061574 for ; Wed, 2 Jun 2021 08:24:24 -0700 (PDT) Received: from localhost ([::1]:43100 helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1loSjG-0007P3-Pu; Wed, 02 Jun 2021 17:24:22 +0200 
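Review bot: in PATCH 1/9, xtables_numeric_to_ip6addr() in libxtables/xtables.c still hands back the address of the function-local 'static struct in6_addr ap', which the next call overwrites. Dropping 'err' is fine. While touching the function, a one-line comment saying that callers must copy the result before calling again would document that for users of the library.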
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 2/9] extensions: libebt_ip6: Drop unused variables Date: Wed, 2 Jun 2021 17:23:56 +0200 Message-Id: <20210602152403.5689-3-phil@nwl.cc> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210602152403.5689-1-phil@nwl.cc> References: <20210602152403.5689-1-phil@nwl.cc> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org They are being assigned to but never read. Fixes: 5c8ce9c6aede0 ("ebtables-compat: add 'ip6' match extension") Signed-off-by: Phil Sutter --- extensions/libebt_ip6.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/extensions/libebt_ip6.c b/extensions/libebt_ip6.c index b8a5a5d8c3a92..301bed9aadefd 100644 --- a/extensions/libebt_ip6.c +++ b/extensions/libebt_ip6.c @@ -250,9 +250,8 @@ static void brip6_init(struct xt_entry_match *match) static struct in6_addr *numeric_to_addr(const char *num) { static struct in6_addr ap; - int err; - if ((err=inet_pton(AF_INET6, num, &ap)) == 1) + if (inet_pton(AF_INET6, num, &ap) == 1) return ≈ return (struct in6_addr *)NULL; } @@ -292,7 +291,6 @@ static void ebt_parse_ip6_address(char *address, struct in6_addr *addr, struct i char buf[256]; char *p; int i; - int err; strncpy(buf, address, sizeof(buf) - 1); /* first the mask */ 
@@ -309,7 +307,7 @@ static void ebt_parse_ip6_address(char *address, struct in6_addr *addr, struct i if (!memcmp(msk, &in6addr_any, sizeof(in6addr_any))) strcpy(buf, "::"); - if ((err=inet_pton(AF_INET6, buf, addr)) < 1) { + if (inet_pton(AF_INET6, buf, addr) < 1) { xtables_error(PARAMETER_PROBLEM, "Invalid IPv6 Address '%s' specified", buf); return; } From patchwork Wed Jun 2 15:23:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1486769 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4FwCWP4fXnz9sCD for ; Thu, 3 Jun 2021 01:24:49 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231739AbhFBP0c (ORCPT ); Wed, 2 Jun 2021 11:26:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51568 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231848AbhFBP0b (ORCPT ); Wed, 2 Jun 2021 11:26:31 -0400 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 43BA5C061574 for ; Wed, 2 Jun 2021 08:24:47 -0700 (PDT) Received: from localhost ([::1]:43124 helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1loSjd-0007QB-NT; Wed, 02 Jun 2021 17:24:45 +0200 
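Review bot: in PATCH 2/9, both hunks in extensions/libebt_ip6.c clean up code that PATCH 7/9 of this series deletes outright (numeric_to_addr() and the old body of ebt_parse_ip6_address()), so this patch is churn unless it is meant to be backported on its own. If it is, say so in the commit message; otherwise consider moving 7/9 ahead of it and dropping this one. Within the hunks, the '< 1' test on inet_pton() covers both the 0 (unparsable) and -1 (error) returns, so the removed variable carried no information.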
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 3/9] libxtables: Fix memleak in xtopt_parse_hostmask() Date: Wed, 2 Jun 2021 17:23:57 +0200 Message-Id: <20210602152403.5689-4-phil@nwl.cc> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210602152403.5689-1-phil@nwl.cc> References: <20210602152403.5689-1-phil@nwl.cc> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org The allocated hostmask duplicate needs to be freed again. Fixes: 66266abd17adc ("libxtables: XTTYPE_HOSTMASK support") Signed-off-by: Phil Sutter --- libxtables/xtoptions.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c index d329f2ff7979e..0dcdf607f4678 100644 --- a/libxtables/xtoptions.c +++ b/libxtables/xtoptions.c 
@@ -763,6 +763,7 @@ static void xtopt_parse_hostmask(struct xt_option_call *cb) cb->arg = p; xtopt_parse_plenmask(cb); cb->arg = orig_arg; + free(work); } static void xtopt_parse_ethermac(struct xt_option_call *cb) From patchwork Wed Jun 2 15:23:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1486764 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4FwCVv2mVGz9sCD for ; Thu, 3 Jun 2021 01:24:23 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231691AbhFBP0C (ORCPT ); Wed, 2 Jun 2021 11:26:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51450 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231286AbhFBP0C (ORCPT ); Wed, 2 Jun 2021 11:26:02 -0400 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A3F6C061574 for ; Wed, 2 Jun 2021 08:24:19 -0700 (PDT) Received: from localhost ([::1]:43094 helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1loSjB-0007OZ-E7; Wed, 02 Jun 2021 17:24:17 +0200 
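Review bot: in PATCH 3/9, the added free(work) at the end of xtopt_parse_hostmask() is safe only if xtopt_parse_plenmask() keeps no pointer into 'work' once it returns, because cb->arg pointed at p inside that buffer for the duration of the call. Please confirm that and state it in the commit message. cb->arg is set back to orig_arg before the free, so the callback struct itself is not left dangling.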
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 4/9] nft: Avoid memleak in error path of nft_cmd_new() Date: Wed, 2 Jun 2021 17:23:58 +0200 Message-Id: <20210602152403.5689-5-phil@nwl.cc> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210602152403.5689-1-phil@nwl.cc> References: <20210602152403.5689-1-phil@nwl.cc> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org If rule allocation fails, free the allocated 'cmd' before returning to caller. Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands") Signed-off-by: Phil Sutter --- iptables/nft-cmd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index f2b935c57dab4..c3f6c14e0b99e 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c 
@@ -35,8 +35,10 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command, if (state) { rule = nft_rule_new(h, chain, table, state); - if (!rule) + if (!rule) { + nft_cmd_free(cmd); return NULL; + } cmd->obj.rule = rule; From patchwork Wed Jun 2 15:23:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1486767 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4FwCW82jRvz9sCD for ; Thu, 3 Jun 2021 01:24:36 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231955AbhFBP0S (ORCPT ); Wed, 2 Jun 2021 11:26:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51518 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231848AbhFBP0S (ORCPT ); Wed, 2 Jun 2021 11:26:18 -0400 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D743C061574 for ; Wed, 2 Jun 2021 08:24:35 -0700 (PDT) Received: from localhost ([::1]:43112 helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1loSjR-0007PW-HT; Wed, 02 Jun 2021 17:24:33 +0200 
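Review bot: in PATCH 4/9, the new error path in nft_cmd_new() calls nft_cmd_free(cmd) on an object that has not been linked into h->cmd_list yet, since list_add_tail(&cmd->head, &h->cmd_list) only runs after the 'if (state)' block (visible in the context of PATCH 8/9). Please check that nft_cmd_free() copes with an unlinked, partly initialised cmd, in particular that it does not unlink cmd->head unconditionally; if it does, free the members directly here or link the cmd before allocating the rule.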
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 5/9] nft: Avoid buffer size warnings copying iface names Date: Wed, 2 Jun 2021 17:23:59 +0200 Message-Id: <20210602152403.5689-6-phil@nwl.cc> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210602152403.5689-1-phil@nwl.cc> References: <20210602152403.5689-1-phil@nwl.cc> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org The call to strncpy() is actually not needed: source buffer is only IFNAMSIZ bytes large and guaranteed to be null-terminated. Use this to avoid compiler warnings due to size parameter matching the destination buffer size by performing the copy using (dumb) memcpy() instead. Signed-off-by: Phil Sutter --- iptables/nft-ipv4.c | 4 ++-- iptables/nft-ipv6.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index a5b835b1f681d..34f94bd8cc24a 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -348,11 +348,11 @@ static void nft_ipv4_post_parse(int command, */ cs->fw.ip.invflags = args->invflags; - strncpy(cs->fw.ip.iniface, args->iniface, IFNAMSIZ); + memcpy(cs->fw.ip.iniface, args->iniface, IFNAMSIZ); memcpy(cs->fw.ip.iniface_mask, args->iniface_mask, IFNAMSIZ*sizeof(unsigned char)); - strncpy(cs->fw.ip.outiface, args->outiface, IFNAMSIZ); + memcpy(cs->fw.ip.outiface, args->outiface, IFNAMSIZ); memcpy(cs->fw.ip.outiface_mask, args->outiface_mask, IFNAMSIZ*sizeof(unsigned char)); diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 46008fc5e762a..d9c9400ad7dc3 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c 
@@ -293,11 +293,11 @@ static void nft_ipv6_post_parse(int command, struct iptables_command_state *cs, */ cs->fw6.ipv6.invflags = args->invflags; - strncpy(cs->fw6.ipv6.iniface, args->iniface, IFNAMSIZ); + memcpy(cs->fw6.ipv6.iniface, args->iniface, IFNAMSIZ); memcpy(cs->fw6.ipv6.iniface_mask, args->iniface_mask, IFNAMSIZ*sizeof(unsigned char)); - strncpy(cs->fw6.ipv6.outiface, args->outiface, IFNAMSIZ); + memcpy(cs->fw6.ipv6.outiface, args->outiface, IFNAMSIZ); memcpy(cs->fw6.ipv6.outiface_mask, args->outiface_mask, IFNAMSIZ*sizeof(unsigned char)); From patchwork Wed Jun 2 15:24:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1486761 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4FwCVZ1vmcz9sCD for ; Thu, 3 Jun 2021 01:24:06 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231200AbhFBPZs (ORCPT ); Wed, 2 Jun 2021 11:25:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51392 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230257AbhFBPZs (ORCPT ); Wed, 2 Jun 2021 11:25:48 -0400 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3BACEC061574 for ; Wed, 2 Jun 2021 08:24:04 -0700 (PDT) Received: from localhost ([::1]:43074 helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1loSiv-0007Nc-3v; Wed, 02 Jun 2021 17:24:01 +0200 
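Review bot: in PATCH 5/9, memcpy() with IFNAMSIZ in nft_ipv4_post_parse() and nft_ipv6_post_parse() copies every byte of args->iniface and args->outiface, including whatever follows the terminating NUL, whereas strncpy() zero-filled the remainder of the destination. The two are equivalent only while the source arrays are exactly IFNAMSIZ bytes and zero-padded after the name; the commit message asserts the size and the termination, but nothing in the code enforces either. A compile-time check on sizeof(args->iniface) and sizeof(args->outiface), or a short comment at the copy naming the invariant, would keep this from turning into an over-read or a copy of stale bytes if the struct ever changes.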
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 6/9] iptables-apply: Drop unused variable Date: Wed, 2 Jun 2021 17:24:00 +0200 Message-Id: <20210602152403.5689-7-phil@nwl.cc> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210602152403.5689-1-phil@nwl.cc> References: <20210602152403.5689-1-phil@nwl.cc> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org It was assigned to but never read. Fixes: b45b4e3903414 ("iptables-apply: script and manpage update") Signed-off-by: Phil Sutter --- iptables/iptables-apply | 1 - 1 file changed, 1 deletion(-) diff --git a/iptables/iptables-apply b/iptables/iptables-apply index 4683b1b402d08..3a7df5e3cbc1f 100755 --- a/iptables/iptables-apply +++ b/iptables/iptables-apply 
@@ -231,7 +231,6 @@ case "$MODE" in "$RUNCMD" & CMD_PID=$! ( sleep "$TIMEOUT"; kill "$CMD_PID" 2>/dev/null; exit 0 ) & - CMDTIMEOUT_PID=$! if ! wait "$CMD_PID"; then echo "failed." echo "Error: unknown error running command: $RUNCMD" >&2 From patchwork Wed Jun 2 15:24:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1486768 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4FwCWH3z6tz9sCD for ; Thu, 3 Jun 2021 01:24:43 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231997AbhFBP0Z (ORCPT ); Wed, 2 Jun 2021 11:26:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51546 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231739AbhFBP0Z (ORCPT ); Wed, 2 Jun 2021 11:26:25 -0400 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2C71C061574 for ; Wed, 2 Jun 2021 08:24:41 -0700 (PDT) Received: from localhost ([::1]:43118 helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1loSjW-0007Pt-TP; Wed, 02 Jun 2021 17:24:39 +0200 
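Review bot: in PATCH 6/9, removing CMDTIMEOUT_PID from iptables/iptables-apply leaves no handle on the background timer '( sleep "$TIMEOUT"; kill "$CMD_PID" 2>/dev/null; exit 0 ) &'. The commit message notes the variable was never read, which means the timer is never cancelled: when "$RUNCMD" finishes before the timeout, the subshell keeps sleeping and later signals whichever process then owns that PID. Rather than dropping the assignment, consider keeping it and killing the timer once 'wait "$CMD_PID"' has returned.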
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 7/9] extensions: libebt_ip6: Use xtables_ip6parse_any() Date: Wed, 2 Jun 2021 17:24:01 +0200 Message-Id: <20210602152403.5689-8-phil@nwl.cc> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210602152403.5689-1-phil@nwl.cc> References: <20210602152403.5689-1-phil@nwl.cc> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org The code was almost identical and suffered from the same problem as fixed in commit a76a5c997a235 ("libxtables: fix two off-by-one memory corruption bugs"). The only functional change this involves is ebt_parse_ip6_address() will now accept hostnames as well. Signed-off-by: Phil Sutter --- extensions/libebt_ip6.c | 74 ++++++----------------------------------- 1 file changed, 10 insertions(+), 64 deletions(-) diff --git a/extensions/libebt_ip6.c b/extensions/libebt_ip6.c index 301bed9aadefd..3cc39271d4658 100644 --- a/extensions/libebt_ip6.c +++ b/extensions/libebt_ip6.c 
@@ -247,73 +247,19 @@ static void brip6_init(struct xt_entry_match *match) memset(ipinfo->dmsk.s6_addr, 0, sizeof(ipinfo->dmsk.s6_addr)); } -static struct in6_addr *numeric_to_addr(const char *num) +/* wrap xtables_ip6parse_any(), ignoring any but the first returned address */ +static void ebt_parse_ip6_address(char *address, + struct in6_addr *addr, struct in6_addr *msk) { - static struct in6_addr ap; - - if (inet_pton(AF_INET6, num, &ap) == 1) - return ≈ - return (struct in6_addr *)NULL; -} - -static struct in6_addr *parse_ip6_mask(char *mask) -{ - static struct in6_addr maskaddr; struct in6_addr *addrp; - unsigned int bits; - - if (mask == NULL) { - /* no mask at all defaults to 128 bits */ - memset(&maskaddr, 0xff, sizeof maskaddr); - return &maskaddr; - } - if ((addrp = numeric_to_addr(mask)) != NULL) - return addrp; - if (!xtables_strtoui(mask, NULL, &bits, 0, 128)) - xtables_error(PARAMETER_PROBLEM, "Invalid IPv6 Mask '%s' specified", mask); - if (bits != 0) { - char *p = (char *)&maskaddr; - memset(p, 0xff, bits / 8); - memset(p + (bits / 8) + 1, 0, (128 - bits) / 8); - p[bits / 8] = 0xff << (8 - (bits & 7)); - return &maskaddr; - } + unsigned int naddrs; - memset(&maskaddr, 0, sizeof maskaddr); - return &maskaddr; -} - -/* Set the ipv6 mask and address. Callers should check ebt_errormsg[0]. - * The string pointed to by address can be altered. 
*/ -static void ebt_parse_ip6_address(char *address, struct in6_addr *addr, struct in6_addr *msk) -{ - struct in6_addr *tmp_addr; - char buf[256]; - char *p; - int i; - - strncpy(buf, address, sizeof(buf) - 1); - /* first the mask */ - buf[sizeof(buf) - 1] = '\0'; - if ((p = strrchr(buf, '/')) != NULL) { - *p = '\0'; - tmp_addr = parse_ip6_mask(p + 1); - } else - tmp_addr = parse_ip6_mask(NULL); - - *msk = *tmp_addr; - - /* if a null mask is given, the name is ignored, like in "any/0" */ - if (!memcmp(msk, &in6addr_any, sizeof(in6addr_any))) - strcpy(buf, "::"); - - if (inet_pton(AF_INET6, buf, addr) < 1) { - xtables_error(PARAMETER_PROBLEM, "Invalid IPv6 Address '%s' specified", buf); - return; - } - - for (i = 0; i < 4; i++) - addr->s6_addr32[i] &= msk->s6_addr32[i]; + xtables_ip6parse_any(address, &addrp, msk, &naddrs); + if (naddrs != 1) + xtables_error(PARAMETER_PROBLEM, + "Invalid IPv6 Address '%s' specified", address); + memcpy(addr, addrp, sizeof(*addr)); + free(addrp); } #define OPT_SOURCE 0x01 From patchwork Wed Jun 2 15:24:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1486762 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4FwCVf6WlWz9sCD for ; Thu, 3 Jun 2021 01:24:10 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230257AbhFBPZx (ORCPT ); Wed, 2 Jun 2021 11:25:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by 
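Review bot: in PATCH 7/9, the new comment above ebt_parse_ip6_address() says addresses after the first are ignored, but the code rejects every result with naddrs != 1 through xtables_error(). With hostnames now accepted, as the commit message states, a name that resolves to several addresses fails with "Invalid IPv6 Address '%s' specified", which misdescribes the problem. Either take the first address as the comment promises or correct the comment and give the multiple-address case its own message. On that path addrp is also not freed before xtables_error(), which matters only if that call can return. Since the old comment "The string pointed to by address can be altered" is gone, the 'char *address' parameter could become const if xtables_ip6parse_any() allows it.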
vger.kernel.org with ESMTP id S231286AbhFBPZw (ORCPT ); Wed, 2 Jun 2021 11:25:52 -0400 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1BE79C061574 for ; Wed, 2 Jun 2021 08:24:08 -0700 (PDT) Received: from localhost ([::1]:43080 helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1loSj0-0007Nk-EY; Wed, 02 Jun 2021 17:24:06 +0200 From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 8/9] libxtables: Introduce xtables_strdup() and use it everywhere Date: Wed, 2 Jun 2021 17:24:02 +0200 Message-Id: <20210602152403.5689-9-phil@nwl.cc> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210602152403.5689-1-phil@nwl.cc> References: <20210602152403.5689-1-phil@nwl.cc> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This wraps strdup(), checking for errors. Signed-off-by: Phil Sutter --- extensions/libebt_ip.c | 3 ++- extensions/libebt_ip6.c | 2 +- extensions/libebt_stp.c | 3 ++- extensions/libip6t_DNAT.c | 4 +--- extensions/libip6t_SNAT.c | 4 +--- extensions/libip6t_dst.c | 8 +++----- extensions/libip6t_hbh.c | 7 +++---- extensions/libip6t_ipv6header.c | 2 +- extensions/libip6t_mh.c | 2 +- extensions/libip6t_rt.c | 7 +++---- extensions/libipt_DNAT.c | 8 ++------ extensions/libipt_SNAT.c | 4 +--- extensions/libxt_dccp.c | 2 +- extensions/libxt_hashlimit.c | 5 +---- extensions/libxt_iprange.c | 4 +--- extensions/libxt_multiport.c | 6 ++---- extensions/libxt_sctp.c | 4 ++-- extensions/libxt_set.h | 4 ++-- extensions/libxt_tcp.c | 4 ++-- include/xtables.h | 1 + iptables/iptables-xml.c | 4 ++-- iptables/nft-cache.c | 4 ++-- iptables/nft-cmd.c | 13 +++++++------ iptables/xshared.c | 2 +- libxtables/xtables.c | 12 ++++++++++++ libxtables/xtoptions.c | 14 +++----------- 26 files changed, 60 insertions(+), 73 deletions(-) 
diff --git a/extensions/libebt_ip.c b/extensions/libebt_ip.c index acb9bfcdbbd9f..51649ffb3c305 100644 --- a/extensions/libebt_ip.c +++ b/extensions/libebt_ip.c @@ -175,7 +175,8 @@ parse_port_range(const char *protocol, const char *portstring, uint16_t *ports) char *buffer; char *cp; - buffer = strdup(portstring); + buffer = xtables_strdup(portstring); + if ((cp = strchr(buffer, ':')) == NULL) ports[0] = ports[1] = xtables_parse_port(buffer, NULL); else { diff --git a/extensions/libebt_ip6.c b/extensions/libebt_ip6.c index 3cc39271d4658..a686a285c3cb8 100644 --- a/extensions/libebt_ip6.c +++ b/extensions/libebt_ip6.c @@ -93,7 +93,7 @@ parse_port_range(const char *protocol, const char *portstring, uint16_t *ports) char *buffer; char *cp; - buffer = strdup(portstring); + buffer = xtables_strdup(portstring); if ((cp = strchr(buffer, ':')) == NULL) ports[0] = ports[1] = xtables_parse_port(buffer, NULL); else { diff --git a/extensions/libebt_stp.c b/extensions/libebt_stp.c index 81ba572c33c1a..3e9e24474eb61 100644 --- a/extensions/libebt_stp.c +++ b/extensions/libebt_stp.c @@ -90,7 +90,8 @@ static int parse_range(const char *portstring, void *lower, void *upper, uint32_t low_nr, upp_nr; int ret = 0; - buffer = strdup(portstring); + buffer = xtables_strdup(portstring); + if ((cp = strchr(buffer, ':')) == NULL) { low_nr = strtoul(buffer, &end, 10); if (*end || low_nr < min || low_nr > max) { diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c index 89c5ceb153250..f1ad81436316b 100644 --- a/extensions/libip6t_DNAT.c +++ b/extensions/libip6t_DNAT.c @@ -58,9 +58,7 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range2 *range, int rev) char *arg, *start, *end = NULL, *colon = NULL, *dash, *error; const struct in6_addr *ip; - arg = strdup(orig_arg); - if (arg == NULL) - xtables_error(RESOURCE_PROBLEM, "strdup"); + arg = xtables_strdup(orig_arg); start = strchr(arg, '['); if (start == NULL) { 
diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c index 7d74b3d76a93c..6d19614c7c708 100644 --- a/extensions/libip6t_SNAT.c +++ b/extensions/libip6t_SNAT.c @@ -52,9 +52,7 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range) char *arg, *start, *end = NULL, *colon = NULL, *dash, *error; const struct in6_addr *ip; - arg = strdup(orig_arg); - if (arg == NULL) - xtables_error(RESOURCE_PROBLEM, "strdup"); + arg = xtables_strdup(orig_arg); start = strchr(arg, '['); if (start == NULL) { diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c index fe7e3403468ce..bf0e3e436665d 100644 --- a/extensions/libip6t_dst.c +++ b/extensions/libip6t_dst.c @@ -57,11 +57,9 @@ parse_options(const char *optsstr, uint16_t *opts) { char *buffer, *cp, *next, *range; unsigned int i; - - buffer = strdup(optsstr); - if (!buffer) - xtables_error(OTHER_PROBLEM, "strdup failed"); - + + buffer = xtables_strdup(optsstr); + for (cp = buffer, i = 0; cp && i < IP6T_OPTS_OPTSNR; cp = next, i++) { next = strchr(cp, ','); diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c index 4cebecfd3d2f5..74e87cda7eea1 100644 --- a/extensions/libip6t_hbh.c +++ b/extensions/libip6t_hbh.c @@ -57,10 +57,9 @@ parse_options(const char *optsstr, uint16_t *opts) { char *buffer, *cp, *next, *range; unsigned int i; - - buffer = strdup(optsstr); - if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed"); - + + buffer = xtables_strdup(optsstr); + for (cp=buffer, i=0; cp && ipflags[i] = 0; diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c index 5d8ab85cacf42..a4c5415f2036e 100644 --- a/extensions/libxt_sctp.c +++ b/extensions/libxt_sctp.c @@ -69,7 +69,7 @@ parse_sctp_ports(const char *portstring, char *buffer; char *cp; - buffer = strdup(portstring); + buffer = xtables_strdup(portstring); DEBUGP("%s\n", portstring); if ((cp = strchr(buffer, ':')) == NULL) { ports[0] = ports[1] = xtables_parse_port(buffer, "sctp"); 
@@ -164,7 +164,7 @@ parse_sctp_chunk(struct xt_sctp_info *einfo, int found = 0; char *chunk_flags; - buffer = strdup(chunks); + buffer = xtables_strdup(chunks); DEBUGP("Buffer: %s\n", buffer); SCTP_CHUNKMAP_RESET(einfo->chunkmap); diff --git a/extensions/libxt_set.h b/extensions/libxt_set.h index 41dfbd30fc7c1..ad895a7504d9d 100644 --- a/extensions/libxt_set.h +++ b/extensions/libxt_set.h @@ -141,7 +141,7 @@ get_set_byname(const char *setname, struct xt_set_info *info) static void parse_dirs_v0(const char *opt_arg, struct xt_set_info_v0 *info) { - char *saved = strdup(opt_arg); + char *saved = xtables_strdup(opt_arg); char *ptr, *tmp = saved; int i = 0; @@ -167,7 +167,7 @@ parse_dirs_v0(const char *opt_arg, struct xt_set_info_v0 *info) static void parse_dirs(const char *opt_arg, struct xt_set_info *info) { - char *saved = strdup(opt_arg); + char *saved = xtables_strdup(opt_arg); char *ptr, *tmp = saved; while (info->dim < IPSET_DIM_MAX && tmp != NULL) { diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c index 58f3c0a0c3c28..383e4db5b5e23 100644 --- a/extensions/libxt_tcp.c +++ b/extensions/libxt_tcp.c @@ -43,7 +43,7 @@ parse_tcp_ports(const char *portstring, uint16_t *ports) char *buffer; char *cp; - buffer = strdup(portstring); + buffer = xtables_strdup(portstring); if ((cp = strchr(buffer, ':')) == NULL) ports[0] = ports[1] = xtables_parse_port(buffer, "tcp"); else { @@ -83,7 +83,7 @@ parse_tcp_flag(const char *flags) char *ptr; char *buffer; - buffer = strdup(flags); + buffer = xtables_strdup(flags); for (ptr = strtok(buffer, ","); ptr; ptr = strtok(NULL, ",")) { unsigned int i; diff --git a/include/xtables.h b/include/xtables.h index 1fd5f63ac4b69..5b13f348f768d 100644 --- a/include/xtables.h +++ b/include/xtables.h 
@@ -453,6 +453,7 @@ extern void xtables_set_nfproto(uint8_t); extern void *xtables_calloc(size_t, size_t); extern void *xtables_malloc(size_t); extern void *xtables_realloc(void *, size_t); +char *xtables_strdup(const char *); extern int xtables_insmod(const char *, const char *, bool); extern int xtables_load_ko(const char *, bool); diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c index 98d03dda98d2b..6cf059fb67292 100644 --- a/iptables/iptables-xml.c +++ b/iptables/iptables-xml.c @@ -213,8 +213,8 @@ saveChain(char *chain, char *policy, struct xt_counters *ctr) "%s: line %u chain name invalid\n", prog_name, line); - chains[nextChain].chain = strdup(chain); - chains[nextChain].policy = strdup(policy); + chains[nextChain].chain = xtables_strdup(chain); + chains[nextChain].policy = xtables_strdup(policy); chains[nextChain].count = *ctr; chains[nextChain].created = 0; nextChain++; diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c index 8fbf9727826d8..2c88301cc7445 100644 --- a/iptables/nft-cache.c +++ b/iptables/nft-cache.c @@ -40,7 +40,7 @@ static void cache_chain_list_insert(struct list_head *list, const char *name) } new = xtables_malloc(sizeof(*new)); - new->name = strdup(name); + new->name = xtables_strdup(name); list_add_tail(&new->head, pos ? &pos->head : list); } @@ -56,7 +56,7 @@ void nft_cache_level_set(struct nft_handle *h, int level, return; if (!req->table) - req->table = strdup(cmd->table); + req->table = xtables_strdup(cmd->table); else assert(!strcmp(req->table, cmd->table)); diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index c3f6c14e0b99e..a0c76a795e59c 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c @@ -11,6 +11,7 @@ #include #include +#include #include "nft.h" #include "nft-cmd.h" 
@@ -27,9 +28,9 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command, return NULL; cmd->command = command; - cmd->table = strdup(table); + cmd->table = xtables_strdup(table); if (chain) - cmd->chain = strdup(chain); + cmd->chain = xtables_strdup(chain); cmd->rulenum = rulenum; cmd->verbose = verbose; @@ -43,7 +44,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command, cmd->obj.rule = rule; if (!state->target && strlen(state->jumpto) > 0) - cmd->jumpto = strdup(state->jumpto); + cmd->jumpto = xtables_strdup(state->jumpto); } list_add_tail(&cmd->head, &h->cmd_list); @@ -238,7 +239,7 @@ int nft_cmd_chain_user_rename(struct nft_handle *h,const char *chain, if (!cmd) return 0; - cmd->rename = strdup(newname); + cmd->rename = xtables_strdup(newname); nft_cache_level_set(h, NFT_CL_CHAINS, cmd); @@ -304,7 +305,7 @@ int nft_cmd_chain_set(struct nft_handle *h, const char *table, if (!cmd) return 0; - cmd->policy = strdup(policy); + cmd->policy = xtables_strdup(policy); if (counters) cmd->counters = *counters; @@ -389,7 +390,7 @@ int ebt_cmd_user_chain_policy(struct nft_handle *h, const char *table, if (!cmd) return 0; - cmd->policy = strdup(policy); + cmd->policy = xtables_strdup(policy); nft_cache_level_set(h, NFT_CL_RULES, cmd); diff --git a/iptables/xshared.c b/iptables/xshared.c index 49a88de518466..ed3e9c5a4426a 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -435,7 +435,7 @@ void add_argv(struct argv_store *store, const char *what, int quoted) xtables_error(PARAMETER_PROBLEM, "Trying to store NULL argument\n"); - store->argv[store->argc] = strdup(what); + store->argv[store->argc] = xtables_strdup(what); store->argvattr[store->argc] = quoted; store->argv[++store->argc] = NULL; } diff --git a/libxtables/xtables.c b/libxtables/xtables.c index 82815cae70576..77bc1493116c7 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c 
@@ -369,6 +369,18 @@ void *xtables_realloc(void *ptr, size_t size) return p; } +char *xtables_strdup(const char *s) +{ + char *dup = strdup(s); + + if (!dup) { + perror("ip[6]tables: strdup failed"); + exit(1); + } + + return dup; +} + static char *get_modprobe(void) { int procfile; diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c index 0dcdf607f4678..9d3ac5c8066cb 100644 --- a/libxtables/xtoptions.c +++ b/libxtables/xtoptions.c @@ -604,9 +604,7 @@ static void xtopt_parse_mport(struct xt_option_call *cb) unsigned int maxiter; int value; - wp_arg = lo_arg = strdup(cb->arg); - if (lo_arg == NULL) - xt_params->exit_err(RESOURCE_PROBLEM, "strdup"); + wp_arg = lo_arg = xtables_strdup(cb->arg); maxiter = entry->size / esize; if (maxiter == 0) @@ -747,9 +745,7 @@ static void xtopt_parse_hostmask(struct xt_option_call *cb) xtopt_parse_host(cb); return; } - work = strdup(orig_arg); - if (work == NULL) - xt_params->exit_err(PARAMETER_PROBLEM, "strdup"); + work = xtables_strdup(orig_arg); p = strchr(work, '/'); /* by def this can't be NULL now */ *p++ = '\0'; /* 
@@ -1139,11 +1135,7 @@ struct xtables_lmap *xtables_lmap_init(const char *file) goto out; } lmap_this->id = id; - lmap_this->name = strdup(cur); - if (lmap_this->name == NULL) { - free(lmap_this); - goto out; - } + lmap_this->name = xtables_strdup(cur); lmap_this->next = NULL; if (lmap_prev != NULL) From patchwork Wed Jun 2 15:24:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1486766 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4FwCW443Syz9sCD for ; Thu, 3 Jun 2021 01:24:32 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231784AbhFBP0O (ORCPT ); Wed, 2 Jun 2021 11:26:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51502 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231286AbhFBP0N (ORCPT ); Wed, 2 Jun 2021 11:26:13 -0400 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BA5A0C061574 for ; Wed, 2 Jun 2021 08:24:29 -0700 (PDT) Received: from localhost ([::1]:43106 helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1loSjM-0007PK-6J; Wed, 02 Jun 2021 17:24:28 +0200 
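Review bot: the new prototype in the xtables.h hunk, `char *xtables_strdup(const char *);`, is the only one in that block without `extern`; the surrounding xtables_calloc(), xtables_malloc() and xtables_realloc() declarations all carry it. Add `extern` for consistency with the rest of the header.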
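Review bot: xtables_strdup() in libxtables/xtables.c hands `s` straight to strdup() with no NULL check, and not every converted call site guards its argument. In nft_cmd_new() the `chain` copy sits behind `if (chain)`, but `cmd->table = xtables_strdup(table);` and the `cmd->rename`, `cmd->policy` and `req->table` copies are unguarded in the lines shown, whereas add_argv() rejects NULL explicitly before the call. Since the wrapper exists to centralise error handling, either reject NULL inside it with a clear message or document in xtables.h that the argument must be non-NULL, so a bad caller fails loudly rather than inside strdup().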
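Review bot: the two libxtables/xtoptions.c conversions, in xtopt_parse_mport() and xtopt_parse_hostmask(), silently change how allocation failure is reported. The removed code went through `xt_params->exit_err(RESOURCE_PROBLEM, "strdup")` and `xt_params->exit_err(PARAMETER_PROBLEM, "strdup")`, while xtables_strdup() calls perror() and `exit(1)`, so the program's exit_err hook no longer runs and the exit status is now a fixed 1. If that is intended, say so in the commit message; otherwise have xtables_strdup() report through xt_params->exit_err() with RESOURCE_PROBLEM, which would also resolve the inconsistency between the two old call sites.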
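Review bot: in the xtables_lmap_init() hunk of libxtables/xtoptions.c, a strdup() failure used to be recoverable (`free(lmap_this); goto out;`) and is now fatal to the whole process, because xtables_strdup() exits. The other failure paths in this function still leave via `goto out`, so the function now mixes two error models, and a library caller that handled the failure return no longer gets the chance. Either keep plain strdup() with the existing cleanup here, or state in the commit message that this function may now terminate the caller.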
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 9/9] extensions: libxt_string: Avoid buffer size warning for strncpy() Date: Wed, 2 Jun 2021 17:24:03 +0200 Message-Id: <20210602152403.5689-10-phil@nwl.cc> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210602152403.5689-1-phil@nwl.cc> References: <20210602152403.5689-1-phil@nwl.cc> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org If the target buffer does not need to be null-terminated, one may simply use memcpy() and thereby avoid any compiler warnings. Signed-off-by: Phil Sutter --- extensions/libxt_string.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c index 7c6366cbbf1b3..739a8e7fd66b6 100644 --- a/extensions/libxt_string.c +++ b/extensions/libxt_string.c @@ -81,7 +81,7 @@ parse_string(const char *s, struct xt_string_info *info) { /* xt_string does not need \0 at the end of the pattern */ if (strlen(s) <= XT_STRING_MAX_PATTERN_SIZE) { - strncpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE); + memcpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE); info->patlen = strnlen(s, XT_STRING_MAX_PATTERN_SIZE); return; }
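Review bot: the replacement in parse_string() of extensions/libxt_string.c, `memcpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE);`, reads past the end of `s` whenever the pattern is shorter than the maximum. The guard only establishes `strlen(s) <= XT_STRING_MAX_PATTERN_SIZE`, and unlike strncpy(), memcpy() does not stop at the terminating NUL, so it always reads the full XT_STRING_MAX_PATTERN_SIZE bytes from a source that may hold far fewer. Copy only the bytes that exist, for example compute `info->patlen` first and pass that as the length. Note also that strncpy() zero-filled the rest of `info->pattern`; if anything depends on that padding and the struct is not already zeroed (not visible in this hunk), add an explicit memset() of the remainder.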