Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
GfA
/
linux_kernel
5
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

netfilter: prefer nla_strlcpy for dealing with NLA_STRING attributes

fixes these warnings:
'nfnl_cthelper_create' at net/netfilter/nfnetlink_cthelper.c:237:2,
'nfnl_cthelper_new' at net/netfilter/nfnetlink_cthelper.c:450:9:
./include/linux/string.h:246:9: warning: '__builtin_strncpy' specified bound 16 equals destination size [-Wstringop-truncation]
  return __builtin_strncpy(p, q, size);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Moreover, strncpy assumes null-terminated source buffers, but thats
not the case here.
Unlike strlcpy, nla_strlcpy *does* pad the destination buffer
while also considering nla attribute size.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal 7 жил өмнө
parent
25fd386e0b
commit
4e09fc873d
2 өөрчлөгдсөн 5 нэмэгдсэн , 4 устгасан
Өөрчлөллтийг нэгтгэж харах Өөрчлөлтийн статистик харах
  1. 1 1
      net/netfilter/nfnetlink_acct.c
  2. 4 3
      net/netfilter/nfnetlink_cthelper.c

+ 1 - 1
net/netfilter/nfnetlink_acct.c
Файл харах 

@@ -115,7 +115,7 @@ static int nfnl_acct_new(struct net *net, struct sock *nfnl,
 
 		nfacct->flags = flags;
 
 		nfacct->flags = flags;
 
 	}
 
 	}
 
 
 
-	strncpy(nfacct->name, nla_data(tb[NFACCT_NAME]), NFACCT_NAME_MAX);
 
+	nla_strlcpy(nfacct->name, nla_data(tb[NFACCT_NAME]), NFACCT_NAME_MAX);
 
 
 
 	if (tb[NFACCT_BYTES]) {
 
 	if (tb[NFACCT_BYTES]) {
 
 		atomic64_set(&nfacct->bytes,
 
 		atomic64_set(&nfacct->bytes,

+ 4 - 3
net/netfilter/nfnetlink_cthelper.c
Файл харах 

@@ -149,8 +149,8 @@ nfnl_cthelper_expect_policy(struct nf_conntrack_expect_policy *expect_policy,
 
 	    !tb[NFCTH_POLICY_EXPECT_TIMEOUT])
 
 	    !tb[NFCTH_POLICY_EXPECT_TIMEOUT])
 
 		return -EINVAL;
 
 		return -EINVAL;
 
 
 
-	strncpy(expect_policy->name,
 
-		nla_data(tb[NFCTH_POLICY_NAME]), NF_CT_HELPER_NAME_LEN);
 
+	nla_strlcpy(expect_policy->name,
 
+		    nla_data(tb[NFCTH_POLICY_NAME]), NF_CT_HELPER_NAME_LEN);
 
 	expect_policy->max_expected =
 
 	expect_policy->max_expected =
 
 		ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_MAX]));
 
 		ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_MAX]));
 
 	if (expect_policy->max_expected > NF_CT_EXPECT_MAX_CNT)
 
 	if (expect_policy->max_expected > NF_CT_EXPECT_MAX_CNT)
 
@@ -234,7 +234,8 @@ nfnl_cthelper_create(const struct nlattr * const tb[],
 
 	if (ret < 0)
 
 	if (ret < 0)
 
 		goto err1;
 
 		goto err1;
 
 
 
-	strncpy(helper->name, nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN);
 
+	nla_strlcpy(helper->name,
 
+		    nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN);
 
 	size = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
 
 	size = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
 
 	if (size > FIELD_SIZEOF(struct nf_conn_help, data)) {
 
 	if (size > FIELD_SIZEOF(struct nf_conn_help, data)) {
 
 		ret = -ENOMEM;
 
 		ret = -ENOMEM;