rpms/iptables
7
0
Fork 0
Code Issues Pull Requests Releases Activity
b7623c906b
iptables/0002-extensions-format-security-fixes-in-libip-6-t_icmp.patch
Phil Sutter 51c612a0d8 iptables-1.8.2-1 
- New upstream version 1.8.2
- Integrate ebtables and arptables save/restore scripts with alternatives
- Add nft-specific ebtables and arptables man pages
- Move /etc/sysconfig/ip*tables-config files into services sub-package
2019-04-24 19:06:34 +02:00

61 lines
2.2 KiB
Diff
Raw Blame History

From 6e8f0c61f4c9abc2836d772fca97ff0d84c03360 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= <adamg@pld-linux.org>
Date: Wed, 14 Nov 2018 07:35:28 +0100
Subject: [PATCH] extensions: format-security fixes in libip[6]t_icmp
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
commit 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
introduced support for gcc feature to check format string against passed
argument. This commit adds missing bits to extenstions's libipt_icmp.c
and libip6t_icmp6.c that were causing build to fail.
Fixes: 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
Signed-off-by: Adam Gołębiowski <adamg@pld-linux.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
extensions/libip6t_icmp6.c | 4 ++--
extensions/libipt_icmp.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index 45a71875722c4..cc7bfaeb72fd7 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
type_name = icmp6_type_xlate(icmptype);
if (type_name) {
- xt_xlate_add(xl, type_name);
+ xt_xlate_add(xl, "%s", type_name);
} else {
for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
if (icmpv6_codes[i].type == icmptype &&
@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
break;
if (i != ARRAY_SIZE(icmpv6_codes))
- xt_xlate_add(xl, icmpv6_codes[i].name);
+ xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
else
return 0;
}
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index 5418997668d4c..e76257c54708c 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
if (icmp_codes[i].type == icmptype &&
icmp_codes[i].code_min == code_min &&
icmp_codes[i].code_max == code_max) {
- xt_xlate_add(xl, icmp_codes[i].name);
+ xt_xlate_add(xl, "%s", icmp_codes[i].name);
return 1;
}
}
--
2.21.0
Reference in New Issue View Git Blame Copy Permalink