[iptables PATCH v3 1/3] nft: Don't assume NFTNL_RULE_USERDATA holds a comment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If this rule attribute is present but does not contain a comment,
get_comment() returns NULL which is then fed into strncpy() causing a
crash.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-shared.c | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index a72d414d78111..1c09277d85fb5 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -639,25 +639,30 @@ void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
 	if (nftnl_rule_is_set(r, NFTNL_RULE_USERDATA)) {
 		const void *data;
 		uint32_t len, size;
-		struct xtables_match *match;
-		struct xt_entry_match *m;
+		const char *comment;
 
 		data = nftnl_rule_get_data(r, NFTNL_RULE_USERDATA, &len);
-		match = xtables_find_match("comment", XTF_TRY_LOAD,
-					   &cs->matches);
-		if (match == NULL)
-			return;
-
-		size = XT_ALIGN(sizeof(struct xt_entry_match)) + match->size;
-		m = xtables_calloc(1, size);
-
-		strncpy((char *)m->data, get_comment(data, len),
-			match->size - 1);
-		m->u.match_size = size;
-		m->u.user.revision = 0;
-		strcpy(m->u.user.name, match->name);
-
-		match->m = m;
+		comment = get_comment(data, len);
+		if (comment) {
+			struct xtables_match *match;
+			struct xt_entry_match *m;
+
+			match = xtables_find_match("comment", XTF_TRY_LOAD,
+						   &cs->matches);
+			if (match == NULL)
+				return;
+
+			size = XT_ALIGN(sizeof(struct xt_entry_match))
+				+ match->size;
+			m = xtables_calloc(1, size);
+
+			strncpy((char *)m->data, comment, match->size - 1);
+			m->u.match_size = size;
+			m->u.user.revision = 0;
+			strcpy(m->u.user.name, match->name);
+
+			match->m = m;
+		}
 	}
 
 	if (cs->target != NULL) {
-- 
2.20.1




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux