Re: [nft PATCH] monitor: Print NEWGEN events

On Mon, Jul 24, 2017 at 01:17:30PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Jul 19, 2017 at 04:32:57PM +0200, Phil Sutter wrote:
> > Now that they contain process information, they're actually interesting.
> > For backwards compatibility, print process information only if it was
> > present in the message.
> 
> Wait, a couple of comments.

All ACK, one remark:

[...]
> > +		case NFTA_GEN_PROC_NAME:
> > +			if (mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0)
> > +				break;
> > +			strncpy(name, mnl_attr_get_str(attr), sizeof(name));
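
Review bot: the strncpy() call bounded by sizeof(name) leaves name without a terminator whenever the attribute string is sizeof(name) bytes or longer, and the MNL_TYPE_NUL_STRING validation on the line above it checks the attribute, not its length against the buffer. Copy at most sizeof(name) - 1 bytes and set name[sizeof(name) - 1] = '\0' after the copy, or drop the copy and keep the pointer returned by mnl_attr_get_str(attr). The break on a failed validation also skips the field silently; a short comment saying that this is intended would help.
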
> 
> What is maximum process name length? If we hit this bound, we have to
> make sure this does:
> 
>                         name[X - 1] = '\0';
> 
> Where X is the name buffer size.

NFTA_GEN_PROC_NAME attribute is filled with output from get_task_comm(),
which returns a string of max 16 bytes length. It is safe to assume that
it's NULL terminated since set_task_comm() uses strlcpy().

That static buffer above is needless though, so I'll change it to just
point to the netlink attribute itself if it is present.

Thanks, Phil
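
The termination question discussed in this message, as an added example that is not part of the original mail or of the nft code base: it contrasts the strncpy() pattern from the quoted hunk with a copy that always terminates and reports truncation. COMM_LEN, copy_strncpy_full and copy_bounded are hypothetical names, and the sample string is constructed.

```c
#include <stdio.h>
#include <string.h>

#define COMM_LEN 16 /* assumption: the 16-byte limit stated in the thread */

/* Pattern from the quoted hunk: the bound equals the destination size.
 * Returns 1 if dst holds a NUL within dst_len bytes afterwards, else 0. */
int copy_strncpy_full(char *dst, size_t dst_len, const char *src)
{
	strncpy(dst, src, dst_len);
	return memchr(dst, '\0', dst_len) != NULL;
}

/* Bounded copy of a (pointer, length) payload, as an attribute parser would
 * hand it over; it does not trust the payload to contain a NUL.
 * Returns the string length stored in dst, or -1 if dst_len is 0;
 * *truncated is set to 1 when the payload did not fit. */
long copy_bounded(char *dst, size_t dst_len, const char *payload,
		  size_t payload_len, int *truncated)
{
	const char *end;
	size_t n;

	if (dst_len == 0)
		return -1;
	end = memchr(payload, '\0', payload_len);
	n = end ? (size_t)(end - payload) : payload_len;
	*truncated = n > dst_len - 1;
	if (*truncated)
		n = dst_len - 1;
	memcpy(dst, payload, n);
	dst[n] = '\0';
	return (long)n;
}

int main(void)
{
	/* Constructed sample: 19 characters, longer than the buffer. */
	const char *sample = "0123456789abcdefXYZ";
	char name[COMM_LEN];
	int truncated;

	printf("strncpy terminated: %d\n",
	       copy_strncpy_full(name, sizeof(name), sample));
	printf("bounded length: %ld\n", copy_bounded(name, sizeof(name),
	       sample, strlen(sample) + 1, &truncated));
	printf("name=\"%s\" truncated=%d\n", name, truncated);
	return 0;
}
```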