Re: [iptables PATCH] libxtables: Attenuate effects of functions' internal static buffers

On Tue, Apr 09, 2024 at 07:49:10PM +0300, Vitaly Chikunov wrote:
> Phil,
> 
> On Tue, Apr 09, 2024 at 05:14:04PM +0200, Phil Sutter wrote:
> > While functions returning pointers to internal static buffers have
> > obvious limitations, users are likely unaware how they call each other
> > internally and thus won't notice unsafe use. One such case is calling
> > both xtables_ipaddr_to_numeric() and xtables_ipmask_to_numeric() as
> > parameters for a single printf() call.
> > 
> > Defuse this trap by avoiding the internal calls to
> > xtables_ip{,6}addr_to_numeric() which is easily doable since callers
> > keep their own static buffers already.
> > 
> > While being at it, make use of inet_ntop() everywhere and also use
> > INET_ADDRSTRLEN/INET6_ADDRSTRLEN defines for correct (and annotated)
> > static buffer sizes.
> > 
> > Reported-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
> > Signed-off-by: Phil Sutter <phil@xxxxxx>
> 
> Reviewed-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
> 
> Also, I tested in our build env and it worked well.

Thanks for the review and testing, patch applied.
