[iptables] string: fix wrong pattern length calculation

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Mon Mar 2 11:58:47 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=409f2a8e3b2706c8c6c5e345a4bc77fca8ad7105
commit 409f2a8e3b2706c8c6c5e345a4bc77fca8ad7105
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Mon Mar 2 11:46:55 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Mon Mar 2 11:46:55 2009 +0100

    string: fix wrong pattern length calculation
    
    This fixes a problem introduced in 37b4bde745698bf140d74e59a2561f34deeb8726
    that leads to the wrong calculation of the pattern length in the
    string match.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  409f2a8e3b2706c8c6c5e345a4bc77fca8ad7105 (commit)
      from  71886fbb48ef50e212c43f5d7dffbab86f9ae31c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 409f2a8e3b2706c8c6c5e345a4bc77fca8ad7105
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Mon Mar 2 11:46:55 2009 +0100

    string: fix wrong pattern length calculation
    
    This fixes a problem introduced in 37b4bde745698bf140d74e59a2561f34deeb8726
    that leads to the wrong calculation of the pattern length in the
    string match.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 extensions/libxt_string.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)
This fixes a problem introduced in 37b4bde745698bf140d74e59a2561f34deeb8726
that leads to the wrong calculation of the pattern length in the
string match.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index 5ea529e..ba4b720 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -64,9 +64,10 @@ static void string_init(struct xt_entry_match *m)
 static void
 parse_string(const char *s, struct xt_string_info *info)
 {	
+	/* xt_string does not need \0 at the end of the pattern */
 	if (strlen(s) <= XT_STRING_MAX_PATTERN_SIZE) {
 		strncpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE);
-		info->patlen = strlen(s);
+		info->patlen = strnlen(s, XT_STRING_MAX_PATTERN_SIZE);
 		return;
 	}
 	xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
@@ -75,7 +76,8 @@ parse_string(const char *s, struct xt_string_info *info)
 static void
 parse_algo(const char *s, struct xt_string_info *info)
 {
-	if (strlen(s) <= XT_STRING_MAX_ALGO_NAME_SIZE) {
+	/* xt_string needs \0 for algo name */
+	if (strlen(s) < XT_STRING_MAX_ALGO_NAME_SIZE) {
 		strncpy(info->algo, s, XT_STRING_MAX_ALGO_NAME_SIZE);
 		return;
 	}
@@ -208,8 +210,6 @@ string_parse(int c, char **argv, int invert, unsigned int *flags,
 			else
 				stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
 		}
-		stringinfo->patlen = strnlen((char *)&stringinfo->pattern,
-			sizeof(stringinfo->patlen));
 		*flags |= STRING;
 		break;
 



More information about the netfilter-cvslog mailing list