From de7ba61cf107f43223eeb640267d24e187047c29 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Fri, 15 Mar 2019 17:51:28 +0100
Subject: [PATCH] libxt_conntrack: Avoid potential buffer overrun
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980
Upstream Status: iptables commit 8e798e050367d
commit 8e798e050367dfe43bb958f11dd3170b03bda49e
Author: Phil Sutter <phil@nwl.cc>
Date: Wed Sep 19 15:16:50 2018 +0200
libxt_conntrack: Avoid potential buffer overrun
In print_addr(), a resolved hostname is written into a buffer without
size check. Since BUFSIZ is typically 8192 bytes, this shouldn't be an
issue, though covscan complained about it. Fix the code by using
conntrack_dump_addr() as an example.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
extensions/libxt_conntrack.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
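diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 3e7075760d40f..804aa23638ca1 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -673,20 +673,20 @@ static void
 print_addr(const struct in_addr *addr, const struct in_addr *mask,
 	   int inv, int numeric)
 {
-	char buf[BUFSIZ];
-
 	if (inv)
 		printf(" !");
 
 	if (mask->s_addr == 0L && !numeric)
-		printf(" %s", "anywhere");
+		printf(" anywhere");
 	else {
 		if (numeric)
-			strcpy(buf, xtables_ipaddr_to_numeric(addr));
+			printf(" %s%s",
+			       xtables_ipaddr_to_numeric(addr),
+			       xtables_ipmask_to_numeric(mask));
 		else
-			strcpy(buf, xtables_ipaddr_to_anyname(addr));
-		strcat(buf, xtables_ipmask_to_numeric(mask));
-		printf(" %s", buf);
+			printf(" %s%s",
+			       xtables_ipaddr_to_anyname(addr),
+			       xtables_ipmask_to_numeric(mask));
 	}
 }
 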
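Review bot: The two new `printf(" %s%s", …)` calls pass the return values of two libxtables formatting helpers as separate arguments, which is only correct if `xtables_ipaddr_to_numeric()` / `xtables_ipaddr_to_anyname()` and `xtables_ipmask_to_numeric()` each keep their own storage; if, as is common for helpers of this kind, they return pointers into static buffers and those buffers were ever shared, the second call would overwrite the first before printf reads either, so this should be confirmed against the helper implementations rather than assumed. Dropping the local copy does remove the unbounded strcpy/strcat the commit message describes, and the emitted text is unchanged. As a style point, both branches of `if (numeric) … else …` are now three-line statements without braces; bracing them (`if (numeric) { … } else { … }`) would make a future insertion into either branch safe. The function's return type `static void` sits on the line before the hunk.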
--
2.21.0