On Friday 2011-06-10 15:26, Jiri Popelka wrote: > >libiptc/libiptc.c:1690: overrun-buffer-arg: Overrunning static array "t->target.u.user.name" > of size 29 bytes by passing it to a function which indexes it > with argument "30UL" at byte position 29. > >libiptc/libiptc.c:1127: overrun-buffer-arg: Overrunning static array "t->target.u.user.name" > of size 29 bytes by passing it to a function which indexes it > with argument "30UL" at byte position 29. >diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c >index c2cb0bc..1a99047 100644 >--- a/libiptc/libiptc.c >+++ b/libiptc/libiptc.c >@@ -1121,7 +1121,7 @@ static inline int iptcc_compile_rule (struct xtc_handle *h, STRUCT_REPLACE *repl > STRUCT_STANDARD_TARGET *t; > t = (STRUCT_STANDARD_TARGET *)GET_TARGET(r->entry); > /* memset for memcmp convenience on delete/replace */ >- memset(t->target.u.user.name, 0, FUNCTION_MAXNAMELEN); >+ memset(t->target.u.user.name, 0, XT_EXTENSION_MAXNAMELEN); > strcpy(t->target.u.user.name, STANDARD_TARGET); > /* Jumps can only happen to builtin chains, so we > * can safely assume that they always have a header */ I have a feeling that there was something... namely implicitly setting t->target.u.user.revision too. So this might need a +t->target.u.user.revision = 0; unless you want t->target.u.user.revision to contain.. something, probably undefined value. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
