Overview

File bufferov.diff of Package libnftnl

From: Jan Engelhardt <jengelh@inai.de>
Date: 2017-10-13 02:43:06.480980575 +0200
X-Upstream: reported

resolve a potential buffer overflow when i > 9
[reg->len > 36].


expr/data_reg.c:69:27: warning: '%d' directive writing between 1 and
10 bytes into a region of size 2 [-Wformat-overflow=]
   sprintf(node_name, "data%d", i);

---
 src/expr/data_reg.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: libnftnl-1.0.9/src/expr/data_reg.c
===================================================================
--- libnftnl-1.0.9.orig/src/expr/data_reg.c
+++ libnftnl-1.0.9/src/expr/data_reg.c
@@ -59,7 +59,7 @@ static int nftnl_data_reg_verdict_json_p
 static int nftnl_data_reg_value_json_parse(union nftnl_data_reg *reg, json_t *data,
 					 struct nftnl_parse_err *err)
 {
-	char node_name[8] = {};	/* strlen("data256") + 1 == 8 */
+	char node_name[16] = {};	/* strlen("data256") + 1 == 8 */
 	int ret, remain = sizeof(node_name), offset = 0, i;
 
 	if (nftnl_jansson_parse_val(data, "len", NFTNL_TYPE_U8, &reg->len, err) < 0)
openSUSE Build Service is sponsored by
Places