Blame SOURCES/0007-xtables-translate-Guard-strcpy-call-in-xlate_ifname.patch
|
 |
576484 |
From 5fe54ca701a38e283faf840903e9ed20eba8a6f4 Mon Sep 17 00:00:00 2001
|
|
|
576484 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
576484 |
Date: Thu, 5 Dec 2019 16:01:29 +0100
|
|
|
576484 |
Subject: [PATCH] xtables-translate: Guard strcpy() call in xlate_ifname()
|
|
|
576484 |
|
|
|
576484 |
The function potentially fed overlong strings to strcpy(). Given that
|
|
|
576484 |
everything needed to avoid this is there, reorder code a bit to prevent
|
|
|
576484 |
those inputs, too.
|
|
|
576484 |
|
|
|
576484 |
Fixes: 0ddd663e9c167 ("iptables-translate: add in/out ifname wildcard match translation to nft")
|
|
|
576484 |
(cherry picked from commit 2861bdbbf062071487a49103513d129ce40e2652)
|
|
|
576484 |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
576484 |
---
|
|
|
576484 |
iptables/xtables-translate.c | 5 ++---
|
|
|
576484 |
1 file changed, 2 insertions(+), 3 deletions(-)
|
|
|
576484 |
|
|
|
576484 |
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
|
|
|
576484 |
index a42c60a3b64c6..77a186b905d73 100644
|
|
|
576484 |
--- a/iptables/xtables-translate.c
|
|
|
576484 |
+++ b/iptables/xtables-translate.c
|
|
|
576484 |
@@ -32,14 +32,13 @@
|
|
|
576484 |
void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname,
|
|
|
576484 |
bool invert)
|
|
|
576484 |
{
|
|
|
576484 |
+ int ifaclen = strlen(ifname);
|
|
|
576484 |
char iface[IFNAMSIZ];
|
|
|
576484 |
- int ifaclen;
|
|
|
576484 |
|
|
|
576484 |
- if (ifname[0] == '\0')
|
|
|
576484 |
+ if (ifaclen < 1 || ifaclen >= IFNAMSIZ)
|
|
|
576484 |
return;
|
|
|
576484 |
|
|
|
576484 |
strcpy(iface, ifname);
|
|
|
576484 |
- ifaclen = strlen(iface);
|
|
|
576484 |
if (iface[ifaclen - 1] == '+')
|
|
|
576484 |
iface[ifaclen - 1] = '*';
|
|
|
576484 |
|
|
|
576484 |
--
|
|
|
576484 |
2.24.0
|
|
|
576484 |
|