49 lines
1.6 KiB
Diff
49 lines
1.6 KiB
Diff
|
From 1b3f8332696651e4843b0419425480f134c8347f Mon Sep 17 00:00:00 2001
|
||
|
Message-Id: <1b3f8332696651e4843b0419425480f134c8347f.1657569892.git.aclaudi@redhat.com>
|
||
|
In-Reply-To: <b30268eda844bdebbb8e5e4f5735e3b1bb666368.1657569892.git.aclaudi@redhat.com>
|
||
|
References: <b30268eda844bdebbb8e5e4f5735e3b1bb666368.1657569892.git.aclaudi@redhat.com>
|
||
|
From: Andrea Claudi <aclaudi@redhat.com>
|
||
|
Date: Mon, 11 Jul 2022 17:57:52 +0200
|
||
|
Subject: [PATCH] tc: flower: Fix buffer overflow on large labels
|
||
|
|
||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2099364
|
||
|
Upstream Status: unknown commit 73590d95
|
||
|
|
||
|
commit 73590d9573148804034a88ceb2f6b7ca1545561f
|
||
|
Author: Paul Blakey <paulb@nvidia.com>
|
||
|
Date: Sun Dec 5 15:20:25 2021 +0200
|
||
|
|
||
|
tc: flower: Fix buffer overflow on large labels
|
||
|
|
||
|
Buffer is 64bytes, but label printing can take 66bytes printing
|
||
|
in hex, and will overflow when setting the string delimiter ('\0').
|
||
|
|
||
|
Fix that by increasing the print buffer size.
|
||
|
|
||
|
Example of overflowing ct_label:
|
||
|
ct_label 11111111111111111111111111111111/11111111111111111111111111111111
|
||
|
|
||
|
Fixes: 2fffb1c03056 ("tc: flower: Add matching on conntrack info")
|
||
|
Signed-off-by: Paul Blakey <paulb@nvidia.com>
|
||
|
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
||
|
---
|
||
|
tc/f_flower.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/tc/f_flower.c b/tc/f_flower.c
|
||
|
index 7f78195f..6d70b92a 100644
|
||
|
--- a/tc/f_flower.c
|
||
|
+++ b/tc/f_flower.c
|
||
|
@@ -2195,7 +2195,7 @@ static void flower_print_ct_label(struct rtattr *attr,
|
||
|
const unsigned char *str;
|
||
|
bool print_mask = false;
|
||
|
int data_len, i;
|
||
|
- SPRINT_BUF(out);
|
||
|
+ char out[128];
|
||
|
char *p;
|
||
|
|
||
|
if (!attr)
|
||
|
--
|
||
|
2.36.1
|
||
|
|