diff mbox series

[net-next] netfilter: nfnetlink_hook: fix check for snprintf() overflow

Message ID YM33YmacZTH820Cv@mwanda
State Accepted
Delegated to: Pablo Neira
Headers show
Series [net-next] netfilter: nfnetlink_hook: fix check for snprintf() overflow | expand

Commit Message

Dan Carpenter June 19, 2021, 1:55 p.m. UTC 
The kernel version of snprintf() can't return negatives.  The
"ret > (int)sizeof(sym)" check is off by one because and it should be
>=.  Finally, we need to set a negative error code.

Fixes: e2cf17d3774c ("netfilter: add new hook nfnl subsystem")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 net/netfilter/nfnetlink_hook.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Florian Westphal June 20, 2021, 8:45 p.m. UTC | #1 
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The kernel version of snprintf() can't return negatives.  The
> "ret > (int)sizeof(sym)" check is off by one because and it should be
> >=.  Finally, we need to set a negative error code.

Reviewed-by: Florian Westphal <fw@strlen.de>
Pablo Neira Ayuso June 21, 2021, 8:06 p.m. UTC | #2 
On Sat, Jun 19, 2021 at 04:55:46PM +0300, Dan Carpenter wrote:
> The kernel version of snprintf() can't return negatives.  The
> "ret > (int)sizeof(sym)" check is off by one because and it should be
> >=.  Finally, we need to set a negative error code.

Applied, thanks.
diff mbox series

Patch

diff --git a/net/netfilter/nfnetlink_hook.c b/net/netfilter/nfnetlink_hook.c
index 58fda6ac663b..50b4e3c9347a 100644
--- a/net/netfilter/nfnetlink_hook.c
+++ b/net/netfilter/nfnetlink_hook.c
@@ -126,8 +126,10 @@  static int nfnl_hook_dump_one(struct sk_buff *nlskb,
 
 #ifdef CONFIG_KALLSYMS
 	ret = snprintf(sym, sizeof(sym), "%ps", ops->hook);
-	if (ret < 0 || ret > (int)sizeof(sym))
+	if (ret >= sizeof(sym)) {
+		ret = -EINVAL;
 		goto nla_put_failure;
+	}
 
 	module_name = strstr(sym, " [");
 	if (module_name) {