Blame SOURCES/0032-firewall-util-add-an-assert-that-we-re-not-overwriti.patch
|
 |
a3e2b5 |
From fbe394e9166ddfe847dcac0eab0fcbd3c225dc33 Mon Sep 17 00:00:00 2001
|
|
|
a3e2b5 |
From: David Tardon <dtardon@redhat.com>
|
|
|
a3e2b5 |
Date: Wed, 10 Oct 2018 09:33:28 +0200
|
|
|
a3e2b5 |
Subject: [PATCH] firewall-util: add an assert that we're not overwriting a
|
|
|
a3e2b5 |
buffer
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
... like commit f28501279d2c28fdbb31d8273b723e9bf71d3b98 does for
|
|
|
a3e2b5 |
out_interface.
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
(cherry picked from commit 0b777d20e9a3868b12372ffce8040d1be063cec7)
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
Resolves: #1602706
|
|
|
a3e2b5 |
---
|
|
|
a3e2b5 |
src/shared/firewall-util.c | 8 +++++++-
|
|
|
a3e2b5 |
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
|
|
|
a3e2b5 |
index eb4f5ff616..cba52fb419 100644
|
|
|
a3e2b5 |
--- a/src/shared/firewall-util.c
|
|
|
a3e2b5 |
+++ b/src/shared/firewall-util.c
|
|
|
a3e2b5 |
@@ -50,8 +50,14 @@ static int entry_fill_basics(
|
|
|
a3e2b5 |
entry->ip.proto = protocol;
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
if (in_interface) {
|
|
|
a3e2b5 |
+ size_t l;
|
|
|
a3e2b5 |
+
|
|
|
a3e2b5 |
+ l = strlen(in_interface);
|
|
|
a3e2b5 |
+ assert(l < sizeof entry->ip.iniface);
|
|
|
a3e2b5 |
+ assert(l < sizeof entry->ip.iniface_mask);
|
|
|
a3e2b5 |
+
|
|
|
a3e2b5 |
strcpy(entry->ip.iniface, in_interface);
|
|
|
a3e2b5 |
- memset(entry->ip.iniface_mask, 0xFF, strlen(in_interface)+1);
|
|
|
a3e2b5 |
+ memset(entry->ip.iniface_mask, 0xFF, l + 1);
|
|
|
a3e2b5 |
}
|
|
|
a3e2b5 |
if (source) {
|
|
|
a3e2b5 |
entry->ip.src = source->in;
|