authorThomas Haller <thaller@redhat.com>2022-04-22 18:59:26 (GMT)
committerThomas Haller <thaller@redhat.com>2022-04-22 19:04:56 (GMT)
commit8acf6d57b70762f6adf92da4ac09f58905a1b523 (patch)
tree58fd3ee78b326f9e4344d23324605ed09a8834e5
parentbf3585ff248ab309f12a328687ac895f09bc0709 (diff)
nl-pktloc-lookup: fix buffer overflow when printing alignment
While at it, avoid global variables.

Coverity also warned at this place, though the warning from coverity was bogus:

Error: STRING_OVERFLOW (CWE-120):
libnl-3.6.0/src/nl-pktloc-lookup.c:72: fixed_size_dest: You might overrun the 16-character fixed-size string "buf" by copying "align_txt[loc->align]" without checking the length.
# 70|···
# 71| if (loc->align <= 4)
# 72|-> strcpy(buf, align_txt[loc->align]);
# 73| else
# 74| snprintf(buf, sizeof(buf), "%u", loc->align);
-rw-r--r--src/nl-pktloc-lookup.c57
1 files changed, 34 insertions, 23 deletions
diff --git a/src/nl-pktloc-lookup.c b/src/nl-pktloc-lookup.c
index f888424..606b2db 100644
--- a/src/nl-pktloc-lookup.c
+++ b/src/nl-pktloc-lookup.c
@@ -7,6 +7,8 @@
#include <netlink/route/pktloc.h>
#include <linux/tc_ematch/tc_em_cmp.h>
+#include "netlink-private/utils.h"
+
static void print_usage(void)
{
printf(
@@ -45,8 +47,19 @@ static const char *layer_txt[] = {
[TCF_LAYER_TRANSPORT] = "tcp"
};
+static const char *get_align_txt(struct rtnl_pktloc *loc, char buf[static 16])
+{
+ if (loc->align < _NL_N_ELEMENTS(align_txt))
+ return align_txt[loc->align];
+
+ snprintf(buf, 16, "%u", loc->align);
+ return buf;
+}
+
static void dump_u32_style(struct rtnl_pktloc *loc, uint32_t value)
{
+ char buf[16];
+
if (loc->align > 4)
nl_cli_fatal(EINVAL, "u32 only supports alignments u8|u16|u32.");
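Review bot: The bounds check in `get_align_txt` prevents reading past `align_txt`, but it can still return a NULL entry, and all three callers pass the result straight to a `%s` conversion. `align_txt` is defined outside this diff; if it uses designated initializers the way `layer_txt` visibly does, and the `TCF_EM_ALIGN_*` indices are not contiguous, any index that falls in a gap is NULL and the numeric fallback is skipped. Testing the entry as well keeps the fallback reachable: `if (loc->align < _NL_N_ELEMENTS(align_txt) && align_txt[loc->align]) return align_txt[loc->align];`. A short comment above the helper saying that `buf` is written only on the fallback path, and that the returned pointer may alias it, would also help callers.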
@@ -57,37 +70,35 @@ static void dump_u32_style(struct rtnl_pktloc *loc, uint32_t value)
if (loc->shift > 0)
nl_cli_fatal(EINVAL, "u32 does not support shifting.");
- printf("%s %x %x at %s%u\n",
- align_txt[loc->align],
- value, loc->mask ? loc->mask : align_mask[loc->align],
- loc->layer == TCF_LAYER_TRANSPORT ? "nexthdr+" : "",
- loc->offset);
-}
-
-static char *get_align_txt(struct rtnl_pktloc *loc)
-{
- static char buf[16];
-
- if (loc->align <= 4)
- strcpy(buf, align_txt[loc->align]);
- else
- snprintf(buf, sizeof(buf), "%u", loc->align);
-
- return buf;
+ printf("%s %x %x at %s%u\n", get_align_txt(loc, buf), value,
+ loc->mask ? loc->mask :
+ (loc->align < _NL_N_ELEMENTS(align_mask) ?
+ align_mask[loc->align] :
+ 0),
+ loc->layer == TCF_LAYER_TRANSPORT ? "nexthdr+" : "",
+ loc->offset);
}
static void dump_loc(struct rtnl_pktloc *loc)
{
- printf("%s = %s at %s+%u & %#x >> %u\n",
- loc->name, get_align_txt(loc), layer_txt[loc->layer],
- loc->offset, loc->mask, loc->shift);
+ char buf[16];
+
+ printf("%s = %s at %s+%u & %#x >> %u\n", loc->name,
+ get_align_txt(loc, buf),
+ loc->layer < _NL_N_ELEMENTS(layer_txt) ? layer_txt[loc->layer] :
+ "???",
+ loc->offset, loc->mask, loc->shift);
}
static void list_cb(struct rtnl_pktloc *loc, void *arg)
{
- printf("%-26s %-5s %3s+%-4u %#-10x %-8u %u\n",
- loc->name, get_align_txt(loc), layer_txt[loc->layer],
- loc->offset, loc->mask, loc->shift, loc->refcnt);
+ char buf[16];
+
+ printf("%-26s %-5s %3s+%-4u %#-10x %-8u %u\n", loc->name,
+ get_align_txt(loc, buf),
+ loc->layer < _NL_N_ELEMENTS(layer_txt) ? layer_txt[loc->layer] :
+ "???",
+ loc->offset, loc->mask, loc->shift, loc->refcnt);
}
static void do_list(void)
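Review bot: In `dump_u32_style`, the new `: 0` arm prints a mask of 0 for an alignment that has no `align_mask` entry instead of rejecting it, and a zero mask changes what the printed u32 selector matches. Out-of-range values look unreachable here as long as the earlier `loc->align > 4` check is fatal, so the case that matters is an in-range index with an empty table slot; `align_mask` is defined outside this diff, so that part is inferred. Folding both conditions into the existing guard would turn the case into an error: `if (loc->align >= _NL_N_ELEMENTS(align_mask) || !align_mask[loc->align]) nl_cli_fatal(EINVAL, "u32 only supports alignments u8|u16|u32.");`. `dump_u32_style` starts before this hunk, so the guard itself sits above the lines shown here.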