laurenceman / rpms / iptables

Forked from rpms/iptables 5 years ago
Clone

Blame SOURCES/libxt_conntrack-Avoid-potential-buffer-overrun.patch

9a3fa7
From de7ba61cf107f43223eeb640267d24e187047c29 Mon Sep 17 00:00:00 2001
9a3fa7
From: Phil Sutter <psutter@redhat.com>
9a3fa7
Date: Fri, 15 Mar 2019 17:51:28 +0100
9a3fa7
Subject: [PATCH] libxt_conntrack: Avoid potential buffer overrun
9a3fa7
9a3fa7
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980
9a3fa7
Upstream Status: iptables commit 8e798e050367d
9a3fa7
9a3fa7
commit 8e798e050367dfe43bb958f11dd3170b03bda49e
9a3fa7
Author: Phil Sutter <phil@nwl.cc>
9a3fa7
Date:   Wed Sep 19 15:16:50 2018 +0200
9a3fa7
9a3fa7
    libxt_conntrack: Avoid potential buffer overrun
9a3fa7
9a3fa7
    In print_addr(), a resolved hostname is written into a buffer without
9a3fa7
    size check. Since BUFSIZ is typically 8192 bytes, this shouldn't be an
9a3fa7
    issue, though covscan complained about it. Fix the code by using
9a3fa7
    conntrack_dump_addr() as an example.
9a3fa7
9a3fa7
    Signed-off-by: Phil Sutter <phil@nwl.cc>
9a3fa7
    Signed-off-by: Florian Westphal <fw@strlen.de>
9a3fa7
9a3fa7
Signed-off-by: Phil Sutter <psutter@redhat.com>
9a3fa7
---
9a3fa7
 extensions/libxt_conntrack.c | 14 +++++++-------
9a3fa7
 1 file changed, 7 insertions(+), 7 deletions(-)
9a3fa7
9a3fa7
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
9a3fa7
index 3e7075760d40f..804aa23638ca1 100644
9a3fa7
--- a/extensions/libxt_conntrack.c
9a3fa7
+++ b/extensions/libxt_conntrack.c
9a3fa7
@@ -673,20 +673,20 @@ static void
9a3fa7
 print_addr(const struct in_addr *addr, const struct in_addr *mask,
9a3fa7
            int inv, int numeric)
9a3fa7
 {
9a3fa7
-	char buf[BUFSIZ];
9a3fa7
-
9a3fa7
 	if (inv)
9a3fa7
 		printf(" !");
9a3fa7
 
9a3fa7
 	if (mask->s_addr == 0L && !numeric)
9a3fa7
-		printf(" %s", "anywhere");
9a3fa7
+		printf(" anywhere");
9a3fa7
 	else {
9a3fa7
 		if (numeric)
9a3fa7
-			strcpy(buf, xtables_ipaddr_to_numeric(addr));
9a3fa7
+			printf(" %s%s",
9a3fa7
+			       xtables_ipaddr_to_numeric(addr),
9a3fa7
+			       xtables_ipmask_to_numeric(mask));
9a3fa7
 		else
9a3fa7
-			strcpy(buf, xtables_ipaddr_to_anyname(addr));
9a3fa7
-		strcat(buf, xtables_ipmask_to_numeric(mask));
9a3fa7
-		printf(" %s", buf);
9a3fa7
+			printf(" %s%s",
9a3fa7
+			       xtables_ipaddr_to_anyname(addr),
9a3fa7
+			       xtables_ipmask_to_numeric(mask));
9a3fa7
 	}
9a3fa7
 }
9a3fa7
 
9a3fa7
-- 
9a3fa7
2.21.0
9a3fa7