From 8f18eb6b2230d2c7968fad3d62d966b54e1d434b Mon Sep 17 00:00:00 2001
From: Seonah Moon
Date: Wed, 31 Mar 2021 14:05:46 +0900
Subject: [PATCH] libxtables: Avoid buffer overrun in xtables_compatible_revision()
The function is exported and accepts arbitrary strings as input. Calling strcpy() without length checks is not OK.
Backport commit: https://git.netfilter.org/iptables/commit/?id=f7d3dbb82e7ed94ccbf10cf70a3c7b3f3aaef1a1
Change-Id: Ibe4d0957fd6d9dd284ac3f84a328ea7b85e32b6b
---
 libxtables/xtables.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index d43f970..89a5f9c 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -799,7 +799,8 @@ int xtables_compatible_revision(const char *name, uint8_t revision, int opt)
 xtables_load_ko(xtables_modprobe_program, true);
- strcpy(rev.name, name);
+ strncpy(rev.name, name, XT_EXTENSION_MAXNAMELEN - 1);
+ rev.name[XT_EXTENSION_MAXNAMELEN - 1] = '\0';
 rev.revision = revision;
 max_rev = getsockopt(sockfd, afinfo->ipproto, opt, &rev, &s);
-- 
2.7.4
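Review bot: The two added lines silently truncate an over-long `name`, so the getsockopt() call that follows would query the kernel for a prefix of the requested extension name instead of failing. Because the function is exported and takes arbitrary strings, a length check such as `strlen(name) >= sizeof(rev.name)` that reports the revision as unsupported would be safer. The function body starts and ends outside the hunk, so the right return value and any cleanup of `sockfd` on that path need to be confirmed there. The bound is also better tied to the destination than to the constant: `strncpy(rev.name, name, sizeof(rev.name) - 1);` and `rev.name[sizeof(rev.name) - 1] = '\0';` stay correct if the field size ever differs from XT_EXTENSION_MAXNAMELEN, which cannot be checked here because the declaration of `rev` is not in the hunk.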