On Wednesday 2023-08-09 00:48, Justin Stitt wrote: >Prefer `strscpy` as it's a more robust interface. > >There may have existed a bug here due to both `tbl->repl.name` and >`info->name` having a size of 32 as defined below: >| #define XT_TABLE_MAXNAMELEN 32 > >This may lead to buffer overreads in some situations -- `strscpy` solves >this by guaranteeing NUL-termination of the dest buffer. It generally will not lead to overreads. xt not only deals with strings on its own turf, it even takes them from userspace-provided buffers, which means extra scrutiny is absolutely required. Done in places like x_tables.c: if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN) (Which is not to say the strncpy->strscpy mop-up is bad.)
