Blame SOURCES/0007-xtables-translate-Guard-strcpy-call-in-xlate_ifname.patch

621646
From 5fe54ca701a38e283faf840903e9ed20eba8a6f4 Mon Sep 17 00:00:00 2001
621646
From: Phil Sutter <phil@nwl.cc>
621646
Date: Thu, 5 Dec 2019 16:01:29 +0100
621646
Subject: [PATCH] xtables-translate: Guard strcpy() call in xlate_ifname()
621646
621646
The function potentially fed overlong strings to strcpy(). Given that
621646
everything needed to avoid this is there, reorder code a bit to prevent
621646
those inputs, too.
621646
621646
Fixes: 0ddd663e9c167 ("iptables-translate: add in/out ifname wildcard match translation to nft")
621646
(cherry picked from commit 2861bdbbf062071487a49103513d129ce40e2652)
621646
Signed-off-by: Phil Sutter <psutter@redhat.com>
621646
---
621646
 iptables/xtables-translate.c | 5 ++---
621646
 1 file changed, 2 insertions(+), 3 deletions(-)
621646
621646
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
621646
index a42c60a3b64c6..77a186b905d73 100644
621646
--- a/iptables/xtables-translate.c
621646
+++ b/iptables/xtables-translate.c
621646
@@ -32,14 +32,13 @@
621646
 void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname,
621646
 		  bool invert)
621646
 {
621646
+	int ifaclen = strlen(ifname);
621646
 	char iface[IFNAMSIZ];
621646
-	int ifaclen;
621646
 
621646
-	if (ifname[0] == '\0')
621646
+	if (ifaclen < 1 || ifaclen >= IFNAMSIZ)
621646
 		return;
621646
 
621646
 	strcpy(iface, ifname);
621646
-	ifaclen = strlen(iface);
621646
 	if (iface[ifaclen - 1] == '+')
621646
 		iface[ifaclen - 1] = '*';
621646
 
621646
-- 
621646
2.24.0
621646