[PATCH] nftables: fix length of set name

This patch permits copying the last char of the set name
that's currently excluded.

nft add table ip test
nft add chain ip test filter {type filter hook input priority 0 \; }
nft add set ip test thisnamewith0016 { type ipv4_address\;}
nft list table ip test
table ip test {
        set thisnamewith0016 {
                type ipv4_address
        }

        chain filter {
                 type filter hook input priority 0;
        }
}

Signed-off-by: Giuseppe Longo <giuseppelng@xxxxxxxxx>
---
 net/netfilter/nf_tables_api.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index adce01e..a0da542 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2018,7 +2018,7 @@ static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
 		free_page((unsigned long)inuse);
 	}
 
-	snprintf(set->name, sizeof(set->name), name, n);
+	snprintf(set->name, sizeof(set->name)+1, name, n);
 	list_for_each_entry(i, &ctx->table->sets, list) {
 		if (!strcmp(set->name, i->name))
 			return -ENFILE;
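
Review bot: The new size argument in the snprintf() call, sizeof(set->name)+1, tells snprintf() that the destination is one byte larger than set->name really is, so a name that fills the array gets its terminating NUL written one byte past the end, into whatever follows the array. The bound has to stay sizeof(set->name); if a name of the length shown in the commit message is meant to be accepted, enlarge the name array itself, or reject names that do not fit with an error, rather than widening the bound. The strcmp() loop right below also depends on set->name being NUL-terminated inside its own storage.
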
@@ -2399,7 +2399,7 @@ static int nf_tables_newset(struct sock *nlsk, struct sk_buff *skb,
 	if (set == NULL)
 		goto err1;
 
-	nla_strlcpy(name, nla[NFTA_SET_NAME], sizeof(set->name));
+	nla_strlcpy(name, nla[NFTA_SET_NAME], sizeof(set->name)+1);
 	err = nf_tables_set_alloc_name(&ctx, set, name);
 	if (err < 0)
 		goto err2;
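
Review bot: In the nla_strlcpy() call the bound is derived from set->name while the destination is the local buffer name, whose declaration is outside this hunk; if name is sized like set->name, the +1 lets the copy write one byte past it for a maximum-length NFTA_SET_NAME attribute. Use sizeof(name) as the bound so it always matches the destination, and consider rejecting an over-long attribute with an error before the copy instead of truncating it silently, since the truncated string is then handed to nf_tables_set_alloc_name().
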
-- 
1.8.3.2
