From patchwork Fri Jun 15 01:31:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Duncan Roe X-Patchwork-Id: 929759 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=optusnet.com.au Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 416NPG5sRhz9s3C for ; Fri, 15 Jun 2018 11:36:18 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965072AbeFOBgR (ORCPT ); Thu, 14 Jun 2018 21:36:17 -0400 Received: from mail109.syd.optusnet.com.au ([211.29.132.80]:51511 "EHLO mail109.syd.optusnet.com.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964932AbeFOBgR (ORCPT ); Thu, 14 Jun 2018 21:36:17 -0400 Received: from dimstar.local.net (unknown [210.49.74.88]) by mail109.syd.optusnet.com.au (Postfix) with SMTP id 244D0D72B8E for ; Fri, 15 Jun 2018 11:31:56 +1000 (AEST) Received: (qmail 2739 invoked by uid 501); 15 Jun 2018 01:31:56 -0000 From: Duncan Roe To: netfilter-devel@vger.kernel.org Subject: [PATCH] extensions: ebt_string: take action if snprintf discards data Date: Fri, 15 Jun 2018 11:31:56 +1000 Message-Id: <20180615013156.2698-1-duncan_roe@optusnet.com.au> X-Mailer: git-send-email 2.9.0 X-Optus-CM-Score: 0 X-Optus-CM-Analysis: v=2.2 cv=I9sVfJog c=1 sm=1 tr=0 a=DRuhS6OGlO/VPiI5KpoYuA==:117 a=DRuhS6OGlO/VPiI5KpoYuA==:17 a=7mUfYlMuFuIA:10 a=PO7r1zJSAAAA:8 a=Ae3m8Mg6QcK6mmprYL0A:9 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org commit e6359eedfbf497e52d52451072aea4713ed80a88 eliminated a gcc warning that strncpy could make a string w/out a NUL terminator. snprintf guarantees NUL-termination (so fixes that possibility). But, snprintf may discard data to make room for the NUL. This patch errors straight away in that eventuality. Signed-off-by: Duncan Roe --- extensions/ebt_string.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/extensions/ebt_string.c b/extensions/ebt_string.c index 3deff1b..79e24dc 100644 --- a/extensions/ebt_string.c +++ b/extensions/ebt_string.c @@ -168,7 +168,9 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, ebt_check_option2(flags, OPT_STRING_ALGO); if (ebt_check_inverse2(optarg)) ebt_print_error2("Unexpected `!' after --string-algo"); - snprintf(info->algo, sizeof(info->algo), "%s", optarg); + if (snprintf(info->algo, sizeof(info->algo), "%s", optarg) >= + sizeof(info->algo)) + ebt_print_error2("\"%s\" is truncated", info->algo); break; case STRING_ICASE: ebt_check_option2(flags, OPT_STRING_ICASE);