Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:

[cc'd Thomas]

> nla_strcmp compares the string length plus one, so it's implicitly
> including the nul-termination in the comparison.
>
> int nla_strcmp(const struct nlattr *nla, const char *str)
> {
>         int len = strlen(str) + 1;
>         ...
>         d = memcmp(nla_data(nla), str, len);

[..]

> However, if NLA_STRING is used, userspace can send us a string without
> the null-termination. This is a problem since the nf_tables lookup
> functions won't find any matching as the last byte may mismatch.

> So we have to enforce that strings are nul-termination to avoid
> mismatches.

Looks to me as if the real fix is:

int nla_strcmp(const struct nlattr *nla, const char *str)
{
        return nla_memcmp(nla, str, strlen(str));
}

[ better yet, add static inline wrapper for it ].
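Added example, not part of the thread or the kernel source: a userspace model of the mismatch discussed above, where the same name sent with and without the trailing nul is run through a comparison that includes the terminator, a termination check, and a tolerant comparison. `struct attr_payload`, the sample payloads and all function names are hypothetical, and the length check inside the strict comparison is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical userspace stand-in for an attribute payload (not struct nlattr). */
struct attr_payload {
    const char *data;
    size_t len;                 /* payload length exactly as userspace sent it */
};

/* Constructed samples: the same name sent with and without the terminator. */
static const struct attr_payload with_nul    = { "filter", 7 };
static const struct attr_payload without_nul = { "filter", 6 };

/* Models the quoted comparison: strlen(str) + 1 bytes, terminator included.
 * The length check before memcmp is an assumption of this model. */
static int cmp_with_nul(const struct attr_payload *a, const char *str)
{
    size_t len = strlen(str) + 1;
    if (a->len != len)
        return a->len < len ? -1 : 1;
    return memcmp(a->data, str, len);
}

/* Receiver-side check: accept only payloads whose last byte is nul. */
static int is_nul_terminated(const struct attr_payload *a)
{
    return a->len > 0 && a->data[a->len - 1] == '\0';
}

/* Tolerant variant (one possible approach): ignore trailing nul bytes. */
static int cmp_tolerant(const struct attr_payload *a, const char *str)
{
    size_t len = strlen(str), alen = a->len;
    while (alen > 0 && a->data[alen - 1] == '\0')
        alen--;
    if (alen != len)
        return alen < len ? -1 : 1;
    return memcmp(a->data, str, len);
}

int main(void)
{
    printf("strict:     with_nul=%d without_nul=%d\n",
           cmp_with_nul(&with_nul, "filter"), cmp_with_nul(&without_nul, "filter"));
    printf("tolerant:   with_nul=%d without_nul=%d\n",
           cmp_tolerant(&with_nul, "filter"), cmp_tolerant(&without_nul, "filter"));
    printf("terminated: with_nul=%d without_nul=%d\n",
           is_nul_terminated(&with_nul), is_nul_terminated(&without_nul));
    return 0;
}
```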