author | Thomas Haller <thaller@redhat.com> | 2022-04-22 18:59:26 (GMT) |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-04-22 19:04:56 (GMT) |
commit | 8acf6d57b70762f6adf92da4ac09f58905a1b523 (patch) | |
tree | 58fd3ee78b326f9e4344d23324605ed09a8834e5 | |
parent | bf3585ff248ab309f12a328687ac895f09bc0709 (diff) | |
nl-pktloc-lookup: fix buffer overflow when printing alignment
While at it, avoid global variables.
Coverity also warned at this place, though the warning from
coverity was bogus:
Error: STRING_OVERFLOW (CWE-120):
libnl-3.6.0/src/nl-pktloc-lookup.c:72: fixed_size_dest: You might overrun the 16-character fixed-size string "buf" by copying "align_txt[loc->align]" without checking the length.
# 70|···
# 71| if (loc->align <= 4)
# 72|-> strcpy(buf, align_txt[loc->align]);
# 73| else
# 74| snprintf(buf, sizeof(buf), "%u", loc->align);
-rw-r--r-- | src/nl-pktloc-lookup.c | 57 |
1 files changed, 34 insertions, 23 deletions
diff --git a/src/nl-pktloc-lookup.c b/src/nl-pktloc-lookup.c
index f888424..606b2db 100644
--- a/src/nl-pktloc-lookup.c
+++ b/src/nl-pktloc-lookup.c
@@ -7,6 +7,8 @@
 #include <netlink/route/pktloc.h>
 #include <linux/tc_ematch/tc_em_cmp.h>
 
+#include "netlink-private/utils.h"
+
 static void print_usage(void)
 {
 printf(
@@ -45,8 +47,19 @@ static const char *layer_txt[] = {
 [TCF_LAYER_TRANSPORT] = "tcp"
 };
 
+static const char *get_align_txt(struct rtnl_pktloc *loc, char buf[static 16])
+{
+ if (loc->align < _NL_N_ELEMENTS(align_txt))
+ return align_txt[loc->align];
+
+ snprintf(buf, 16, "%u", loc->align);
+ return buf;
+}
+
 static void dump_u32_style(struct rtnl_pktloc *loc, uint32_t value)
 {
+ char buf[16];
+
 if (loc->align > 4)
 nl_cli_fatal(EINVAL, "u32 only supports alignments u8|u16|u32.");
 
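Review bot: `get_align_txt()` can still hand a NULL pointer to the `%s` conversions in its callers, because the new test `loc->align < _NL_N_ELEMENTS(align_txt)` bounds the index but does not check the slot it selects. `align_txt` is defined above this hunk; if it is built with designated initialisers the way `layer_txt` is (`[TCF_LAYER_TRANSPORT] = "tcp"`), every in-range index without an initialiser holds NULL, and passing NULL to `%s` is undefined behaviour. Testing the slot as well, `if (loc->align < _NL_N_ELEMENTS(align_txt) && align_txt[loc->align])`, lets such values fall through to the numeric `snprintf` path. The `loc->align > 4` guard in `dump_u32_style`, whose body continues past this hunk, could use the same `_NL_N_ELEMENTS` bound instead of the literal so the check cannot drift from the table size.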
@@ -57,37 +70,35 @@ static void dump_u32_style(struct rtnl_pktloc *loc, uint32_t value)
 if (loc->shift > 0)
 nl_cli_fatal(EINVAL, "u32 does not support shifting.");
 
- printf("%s %x %x at %s%u\n",
- align_txt[loc->align],
- value, loc->mask ? loc->mask : align_mask[loc->align],
- loc->layer == TCF_LAYER_TRANSPORT ? "nexthdr+" : "",
- loc->offset);
-}
-
-static char *get_align_txt(struct rtnl_pktloc *loc)
-{
- static char buf[16];
-
- if (loc->align <= 4)
- strcpy(buf, align_txt[loc->align]);
- else
- snprintf(buf, sizeof(buf), "%u", loc->align);
-
- return buf;
+ printf("%s %x %x at %s%u\n", get_align_txt(loc, buf), value,
+ loc->mask ? loc->mask :
+ (loc->align < _NL_N_ELEMENTS(align_mask) ?
+ align_mask[loc->align] :
+ 0),
+ loc->layer == TCF_LAYER_TRANSPORT ? "nexthdr+" : "",
+ loc->offset);
 }
 
 static void dump_loc(struct rtnl_pktloc *loc)
 {
- printf("%s = %s at %s+%u & %#x >> %u\n",
- loc->name, get_align_txt(loc), layer_txt[loc->layer],
- loc->offset, loc->mask, loc->shift);
+ char buf[16];
+
+ printf("%s = %s at %s+%u & %#x >> %u\n", loc->name,
+ get_align_txt(loc, buf),
+ loc->layer < _NL_N_ELEMENTS(layer_txt) ? layer_txt[loc->layer] :
+ "???",
+ loc->offset, loc->mask, loc->shift);
 }
 
 static void list_cb(struct rtnl_pktloc *loc, void *arg)
 {
- printf("%-26s %-5s %3s+%-4u %#-10x %-8u %u\n",
- loc->name, get_align_txt(loc), layer_txt[loc->layer],
- loc->offset, loc->mask, loc->shift, loc->refcnt);
+ char buf[16];
+
+ printf("%-26s %-5s %3s+%-4u %#-10x %-8u %u\n", loc->name,
+ get_align_txt(loc, buf),
+ loc->layer < _NL_N_ELEMENTS(layer_txt) ? layer_txt[loc->layer] :
+ "???",
+ loc->offset, loc->mask, loc->shift, loc->refcnt);
 }
 
 static void do_list(void) |
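Review bot: The bounds-checked `layer_txt` lookup is written out twice, once in `dump_loc` and once in `list_cb`, and neither copy checks that the selected slot is non-NULL before it reaches `%s`. Only the `[TCF_LAYER_TRANSPORT]` entry of `layer_txt` is visible on this page, so whether the table has unset in-range slots cannot be confirmed from here. A small helper next to `get_align_txt` would hold the range check, the NULL check and the "???" fallback in one place and keep the two printers from drifting apart. The sketch below shows the helper and the `dump_loc` call site; `list_cb` would take the same substitution.

```c
static const char *get_layer_txt(struct rtnl_pktloc *loc)
{
	/* Out-of-range values and unset table slots both print as "???". */
	if (loc->layer < _NL_N_ELEMENTS(layer_txt) && layer_txt[loc->layer])
		return layer_txt[loc->layer];

	return "???";
}

static void dump_loc(struct rtnl_pktloc *loc)
{
	char buf[16];

	printf("%s = %s at %s+%u & %#x >> %u\n", loc->name,
	       get_align_txt(loc, buf), get_layer_txt(loc),
	       loc->offset, loc->mask, loc->shift);
}

/* … unchanged: list_cb, apart from the same get_layer_txt(loc) substitution … */
```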