#define NFNL_SUBSYS_ACCT 7
+#define BUF_SIZE_FOR_ERR 100
static void prepare_netlink_msg(struct genl *req, int type, int flag)
{
char *classid_part;
char *io_part;
char *ifname_part;
+ char *save_ptr = NULL;
char name[NFACCT_NAME_MAX] = {0}; /* parse buffer to avoid cnt_name modification */
strncpy(name, cnt_name, sizeof(name) - 1);
iface = get_iftype_by_name(ifname_buf);
/* check first part is it datacall */
if (iface == STC_IFACE_DATACALL) {
- strcpy(cnt->ifname, ifname_buf);
+ strncpy(cnt->ifname, ifname_buf, MAX_IFACE_LENGTH);
cnt->iotype = NFACCT_COUNTER_IN;
} else {
/* +1, due : symbol and till the end of cnt_name */
return true;
}
- io_part = strtok(name, "_");
+ io_part = strtok_r(name, "_", &save_ptr);
if (io_part != NULL)
cnt->iotype = convert_to_iotype(atoi(io_part + 1));
else
return false;
- iftype_part = strtok(NULL, "_");
+ iftype_part = strtok_r(NULL, "_", &save_ptr);
if (iftype_part != NULL)
cnt->iftype = convert_to_iftype(atoi(iftype_part));
else
return false;
- classid_part = strtok(NULL, "_");
+ classid_part = strtok_r(NULL, "_", &save_ptr);
if (classid_part != NULL)
cnt->classid = atoi(classid_part);
else {
return cnt->intend == NFACCT_BLOCK ? true : false;
}
- ifname_part = strtok(NULL, "\0");
+ ifname_part = strtok_r(NULL, "\0", &save_ptr);
if (ifname_part != NULL)
STRING_SAVE_COPY(cnt->ifname, ifname_part);
else
{
int status;
pid_t ret_pid;
+ char buf[BUF_SIZE_FOR_ERR] = { 0 };
+
if (!pid) {
STC_LOGD("no need to wait");
return;
ret_pid = waitpid(pid, &status, 0);
if (ret_pid < 0)
STC_LOGD("can't wait for a pid %d %d %s", pid, status,
- strerror(errno));
+ strerror_r(errno, buf, BUF_SIZE_FOR_ERR));
}
static char* get_cmd_pos(const char *cmd_buf)
const size_t args_number = get_args_number(cmd_buf);
char *args[args_number + 2];
int ret;
+ char *save_ptr = NULL;
+ char buf[BUF_SIZE_FOR_ERR] = { 0 };
STC_LOGD("executing iptables cmd %s in forked process",
cmd_buf);
exit(0);
}
args[0] = "iptables";
- cmd = strtok((char *)cmd_buf, " ");
+ cmd = strtok_r((char *)cmd_buf, " ", &save_ptr);
ret_value_msg_if(cmd == NULL, STC_ERROR_FAIL, "no arguments");
for (i = 1; i <= args_number; ++i)
- args[i] = strtok(NULL, " ");
+ args[i] = strtok_r(NULL, " ", &save_ptr);
args[i] = NULL;
ret = execv(cmd, args);
if (ret)
STC_LOGE("Can't execute %s: %s",
- cmd_buf, strerror(errno));
+ cmd_buf, strerror_r(errno, buf, BUF_SIZE_FOR_ERR));
exit(ret);
}
const size_t args_number = get_args_number(cmd_buf);
char *args[args_number + 2];
int ret;
+ char *save_ptr = NULL;
+ char buf[BUF_SIZE_FOR_ERR] = { 0 };
STC_LOGD("executing ip6tables cmd %s in forked process",
cmd_buf);
exit(0);
}
args[0] = "ip6tables";
- cmd = strtok((char *)cmd_buf, " ");
+ cmd = strtok_r((char *)cmd_buf, " ", &save_ptr);
ret_value_msg_if(cmd == NULL, STC_ERROR_FAIL, "no arguments");
for (i = 1; i <= args_number; ++i)
- args[i] = strtok(NULL, " ");
+ args[i] = strtok_r(NULL, " ", &save_ptr);
args[i] = NULL;
ret = execv(cmd, args);
if (ret)
STC_LOGE("Can't execute %s: %s",
- cmd_buf, strerror(errno));
+ cmd_buf, strerror_r(errno, buf, BUF_SIZE_FOR_ERR));
exit(ret);
}
"Invalid network interface name argument");
/* iptables rule */
- ret = sprintf(block_buf, pattern, IPTABLES, cmd, chain,
+ ret = snprintf(block_buf, sizeof(block_buf), pattern, IPTABLES, cmd, chain,
iftype_name, nfacct, jump);
ret_value_msg_if(ret > sizeof(block_buf), STC_ERROR_FAIL,
"Not enough buffer");
exec_iptables_cmd(block_buf, pid);
/* ip6tables rule */
- ret = sprintf(block_buf, pattern, IP6TABLES, cmd, chain,
+ ret = snprintf(block_buf, sizeof(block_buf), pattern, IP6TABLES, cmd, chain,
iftype_name, nfacct, jump);
ret_value_msg_if(ret > sizeof(block_buf), STC_ERROR_FAIL,
"Not enough buffer");
"Invalid network interface name argument");
/* iptables rules */
- ret = sprintf(block_buf, pattern, IPTABLES, cmd,
+ ret = snprintf(block_buf, sizeof(block_buf), pattern, IPTABLES, cmd,
iftype_name, classid, nfacct, jump);
ret_value_msg_if(ret > sizeof(block_buf), STC_ERROR_FAIL,
"Not enough buffer");
exec_iptables_cmd(block_buf, pid);
/* ip6tables rules */
- ret = sprintf(block_buf, pattern, IP6TABLES, cmd,
+ ret = snprintf(block_buf, sizeof(block_buf), pattern, IP6TABLES, cmd,
iftype_name, classid, nfacct, jump);
ret_value_msg_if(ret > sizeof(block_buf), STC_ERROR_FAIL,
"Not enough buffer");