Thomas Berger reported that he is seeing garbage after some valid string
values, eg.

fwtest01 ~ # nft -i
nft> table filter
nft> add chain filter input
nft> add rule filter input meta iifname "lo" accept
nft> list table filter
table ip filter {
        chain input {
                meta iifname "lo�.�" accept
        }
...

The buffer that the string datatype was allocating did not include
room for the nul-terminator.

This patch fixes bugzilla report #872:

https://bugzilla.netfilter.org/show_bug.cgi?id=872

Reported-by: Thomas Berger <loki@xxxxxxxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
--- src/datatype.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/datatype.c b/src/datatype.c index 4c5a70f..2e5788d 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -256,9 +256,10 @@ const struct datatype integer_type = { static void string_type_print(const struct expr *expr) { unsigned int len = div_round_up(expr->len, BITS_PER_BYTE); - char data[len]; + char data[len+1]; mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len); + data[len] = '\0'; printf("\"%s\"", data); } -- 1.7.10.4
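
Review bot: in string_type_print(), the new `char data[len+1]` is still a variable-length array sized directly from expr->len, and nothing in this hunk bounds len, so an oversized expression length becomes an unbounded stack allocation. Consider checking len against a maximum before declaring the buffer, or allocating it on the heap and freeing it after the printf(). The explicit `data[len] = '\0'` after mpz_export_data() is the right fix for the missing terminator; a one-line comment saying that the exported bytes are not nul-terminated would keep a later cleanup from removing it. Minor style point: `len+1` would normally be written `len + 1`.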