On Fri, Mar 21, 2014 at 06:39:01PM +0100, Giuseppe Longo wrote:
> This patch permits to copy the last char of the set name
> that's currently excluded.
>
> nft add table ip test
> nft add chain ip test filter {type filter hook input priority 0 \; }
> nft add set ip test thisnamewith0016 { type ipv4_address\;}
> nft list table ip test
> table ip test {
> set thisnamewith0016 {
> type ipv4_address
> }
>
> chain filter {
> type filter hook input priority 0;
> }
> }
>
> Signed-off-by: Giuseppe Longo <giuseppelng@xxxxxxxxx>
> ---
> net/netfilter/nf_tables_api.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index adce01e..a0da542 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -2018,7 +2018,7 @@ static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
> free_page((unsigned long)inuse);
> }
>
> - snprintf(set->name, sizeof(set->name), name, n);
> + snprintf(set->name, sizeof(set->name)+1, name, n);
This allows to write up to 16+1 bytes.
> list_for_each_entry(i, &ctx->table->sets, list) {
> if (!strcmp(set->name, i->name))
> return -ENFILE;
> @@ -2399,7 +2399,7 @@ static int nf_tables_newset(struct sock *nlsk, struct sk_buff *skb,
> if (set == NULL)
> goto err1;
>
> - nla_strlcpy(name, nla[NFTA_SET_NAME], sizeof(set->name));
> + nla_strlcpy(name, nla[NFTA_SET_NAME], sizeof(set->name)+1);
Same thing here, but the name size is just 16 bytes long.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
