[iptables PATCH 8/9] extensions: string: Review parse_string() function

Phil Sutter <phil@xxxxxx> · Wed, 8 Jun 2022 18:27:11 +0200

* Compare against sizeof(info->pattern) which is more clear than having
  to know that this buffer is of size XT_STRING_MAX_PATTERN_SIZE

* Invert the check and error early to reduce indenting

* Pass info->patlen to memcpy() to avoid reading past end of 's'

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 extensions/libxt_string.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index da05fad0f59c8..5d72a5cde008f 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -78,14 +78,13 @@ static void string_init(struct xt_entry_match *m)
 
 static void
 parse_string(const char *s, struct xt_string_info *info)
-{	
+{
 	/* xt_string does not need \0 at the end of the pattern */
-	if (strlen(s) <= XT_STRING_MAX_PATTERN_SIZE) {
-		memcpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE);
-		info->patlen = strnlen(s, XT_STRING_MAX_PATTERN_SIZE);
-		return;
-	}
-	xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
+	if (strlen(s) > sizeof(info->pattern))
+		xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
+
+	info->patlen = strnlen(s, sizeof(info->pattern));
+	memcpy(info->pattern, s, info->patlen);
 }
 
 static void
-- 
2.34.1







