[libnftnl] data_reg: fix bad buffer size bounds

Message ID	20140506171946.4163.82349.stgit@nfdev.cica.es
State	Accepted
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> Subject: [libnftnl PATCH] data_reg: fix bad buffer size bounds To: netfilter-devel@vger.kernel.org From: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Cc: pablo@netfilter.org Date: Tue, 06 May 2014 19:19:46 +0200 Message-ID: <20140506171946.4163.82349.stgit@nfdev.cica.es> User-Agent: StGit/0.15 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk

Message ID

20140506171946.4163.82349.stgit@nfdev.cica.es

State

Accepted

Headers

Subject: [libnftnl PATCH] data_reg: fix bad buffer size bounds
To: netfilter-devel@vger.kernel.org
From: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Cc: pablo@netfilter.org
Date: Tue, 06 May 2014 19:19:46 +0200
Message-ID: <20140506171946.4163.82349.stgit@nfdev.cica.es>
User-Agent: StGit/0.15
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Commit Message

Arturo Borrero May 6, 2014, 5:19 p.m. UTC

These calls need to use the new buffer size, instead of the
size that the buffer originally had.

Bugs introduced by myself at dec68741 [data_reg: fix verdict format approach].

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/data_reg.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Pablo Neira Ayuso May 7, 2014, 1:39 p.m. UTC | #1

On Tue, May 06, 2014 at 07:19:46PM +0200, Arturo Borrero Gonzalez wrote:
> These calls need to use the new buffer size, instead of the
> size that the buffer originally had.
> 
> Bugs introduced by myself at dec68741 [data_reg: fix verdict format approach].

Applied, thanks Arturo.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index 0523cb7..44281f7 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -304,7 +304,7 @@  nft_data_reg_verdict_snprintf_def(char *buf, size_t size,
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (reg->chain != NULL) {
-		ret = snprintf(buf+offset, size, "-> %s ", reg->chain);
+		ret = snprintf(buf+offset, len, "-> %s ", reg->chain);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
@@ -322,12 +322,12 @@  nft_data_reg_verdict_snprintf_xml(char *buf, size_t size,
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (reg->chain != NULL) {
-		ret = snprintf(buf+offset, size, "<chain>%s</chain>",
+		ret = snprintf(buf+offset, len, "<chain>%s</chain>",
 			       reg->chain);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
-	ret = snprintf(buf+offset, size, "</data_reg>");
+	ret = snprintf(buf+offset, len, "</data_reg>");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;
@@ -344,12 +344,12 @@  nft_data_reg_verdict_snprintf_json(char *buf, size_t size,
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (reg->chain != NULL) {
-		ret = snprintf(buf+offset, size, ",\"chain\":\"%s\"",
+		ret = snprintf(buf+offset, len, ",\"chain\":\"%s\"",
 			       reg->chain);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
-	ret = snprintf(buf+offset, size, "}");
+	ret = snprintf(buf+offset, len, "}");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;

[libnftnl] data_reg: fix bad buffer size bounds

Commit Message

Comments

Patch