iptables/0017-libxtables-Attenuate-effects-of-functions-internal-s.patch

101 lines
3.5 KiB
Diff
Raw Normal View History

From 12006541787f7428bb9ca2f0b539c5bf87be27d2 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Mon, 23 Dec 2024 17:31:39 +0100
Subject: [PATCH] libxtables: Attenuate effects of functions' internal static
buffers
JIRA: https://issues.redhat.com/browse/RHEL-72027
Upstream Status: iptables commit 8bf2bab8eb2e4f5ae2fef859ea7c877662854101
commit 8bf2bab8eb2e4f5ae2fef859ea7c877662854101
Author: Phil Sutter <phil@nwl.cc>
Date: Tue Apr 9 15:38:14 2024 +0200
libxtables: Attenuate effects of functions' internal static buffers
While functions returning pointers to internal static buffers have
obvious limitations, users are likely unaware how they call each other
internally and thus won't notice unsafe use. One such case is calling
both xtables_ipaddr_to_numeric() and xtables_ipmask_to_numeric() as
parameters for a single printf() call.
Defuse this trap by avoiding the internal calls to
xtables_ip{,6}addr_to_numeric() which is easily doable since callers
keep their own static buffers already.
While being at it, make use of inet_ntop() everywhere and also use
INET_ADDRSTRLEN/INET6_ADDRSTRLEN defines for correct (and annotated)
static buffer sizes.
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
libxtables/xtables.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index ba9ceae..a5e31f6 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1505,11 +1505,9 @@ void xtables_param_act(unsigned int status, const char *p1, ...)
const char *xtables_ipaddr_to_numeric(const struct in_addr *addrp)
{
- static char buf[16];
- const unsigned char *bytep = (const void *)&addrp->s_addr;
+ static char buf[INET_ADDRSTRLEN];
- sprintf(buf, "%u.%u.%u.%u", bytep[0], bytep[1], bytep[2], bytep[3]);
- return buf;
+ return inet_ntop(AF_INET, addrp, buf, sizeof(buf));
}
static const char *ipaddr_to_host(const struct in_addr *addr)
@@ -1569,13 +1567,14 @@ int xtables_ipmask_to_cidr(const struct in_addr *mask)
const char *xtables_ipmask_to_numeric(const struct in_addr *mask)
{
- static char buf[20];
+ static char buf[INET_ADDRSTRLEN + 1];
uint32_t cidr;
cidr = xtables_ipmask_to_cidr(mask);
if (cidr == (unsigned int)-1) {
/* mask was not a decent combination of 1's and 0's */
- sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask));
+ buf[0] = '/';
+ inet_ntop(AF_INET, mask, buf + 1, sizeof(buf) - 1);
return buf;
} else if (cidr == 32) {
/* we don't want to see "/32" */
@@ -1855,9 +1854,8 @@ void xtables_ipparse_any(const char *name, struct in_addr **addrpp,
const char *xtables_ip6addr_to_numeric(const struct in6_addr *addrp)
{
- /* 0000:0000:0000:0000:0000:0000:000.000.000.000
- * 0000:0000:0000:0000:0000:0000:0000:0000 */
- static char buf[50+1];
+ static char buf[INET6_ADDRSTRLEN];
+
return inet_ntop(AF_INET6, addrp, buf, sizeof(buf));
}
@@ -1915,12 +1913,12 @@ int xtables_ip6mask_to_cidr(const struct in6_addr *k)
const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
{
- static char buf[50+2];
+ static char buf[INET6_ADDRSTRLEN + 1];
int l = xtables_ip6mask_to_cidr(addrp);
if (l == -1) {
strcpy(buf, "/");
- strcat(buf, xtables_ip6addr_to_numeric(addrp));
+ inet_ntop(AF_INET6, addrp, buf + 1, sizeof(buf) - 1);
return buf;
}
/* we don't want to see "/128" */