libxtables: Avoid buffer overrun in xtables_compatible_revision()
author Seonah Moon <seonah1.moon@samsung.com>
Wed, 31 Mar 2021 05:05:46 +0000 (14:05 +0900)
committer Seonah Moon <seonah1.moon@samsung.com>
Wed, 31 Mar 2021 05:05:52 +0000 (14:05 +0900)
The function is exported and accepts arbitrary strings as input. Calling
strcpy() without length checks is not OK.

Backport commit:
https://git.netfilter.org/iptables/commit/?id=f7d3dbb82e7ed94ccbf10cf70a3c7b3f3aaef1a1

Change-Id: Ibe4d0957fd6d9dd284ac3f84a328ea7b85e32b6b

libxtables/xtables.c

index d43f970..89a5f9c 100644 (file)
@@ -799,7 +799,8 @@ int xtables_compatible_revision(const char *name, uint8_t revision, int opt)
 
        xtables_load_ko(xtables_modprobe_program, true);
 
-       strcpy(rev.name, name);
+       strncpy(rev.name, name, XT_EXTENSION_MAXNAMELEN - 1);
+       rev.name[XT_EXTENSION_MAXNAMELEN - 1] = '\0';
        rev.revision = revision;
 
        max_rev = getsockopt(sockfd, afinfo->ipproto, opt, &rev, &s);
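
Review bot: the new strncpy() silently truncates any name of XT_EXTENSION_MAXNAMELEN characters or more, so the getsockopt() call that follows asks about a shortened name rather than the one the caller passed, and the result can describe a different extension. Since the function is exported and takes arbitrary strings, consider checking strlen(name) against the limit before the copy and failing the call for an overlong name instead of truncating it. The bound and the terminator index also assume rev.name is exactly XT_EXTENSION_MAXNAMELEN bytes, which this hunk does not show; writing both in terms of sizeof(rev.name) would keep the copy correct if that declaration ever changes.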