netfilter: prefer nla_strlcpy for dealing with NLA_STRING attributes
fixes these warnings: 'nfnl_cthelper_create' at net/netfilter/nfnetlink_cthelper.c:237:2, 'nfnl_cthelper_new' at net/netfilter/nfnetlink_cthelper.c:450:9: ./include/linux/string.h:246:9: warning: '__builtin_strncpy' specified bound 16 equals destination size [-Wstringop-truncation] return __builtin_strncpy(p, q, size); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Moreover, strncpy assumes null-terminated source buffers, but thats not the case here. Unlike strlcpy, nla_strlcpy *does* pad the destination buffer while also considering nla attribute size. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
25fd386e0b
commit
4e09fc873d
|
@ -115,7 +115,7 @@ static int nfnl_acct_new(struct net *net, struct sock *nfnl,
|
||||||
nfacct->flags = flags;
|
nfacct->flags = flags;
|
||||||
}
|
}
|
||||||
|
|
||||||
strncpy(nfacct->name, nla_data(tb[NFACCT_NAME]), NFACCT_NAME_MAX);
|
nla_strlcpy(nfacct->name, nla_data(tb[NFACCT_NAME]), NFACCT_NAME_MAX);
|
||||||
|
|
||||||
if (tb[NFACCT_BYTES]) {
|
if (tb[NFACCT_BYTES]) {
|
||||||
atomic64_set(&nfacct->bytes,
|
atomic64_set(&nfacct->bytes,
|
||||||
|
|
|
@ -149,8 +149,8 @@ nfnl_cthelper_expect_policy(struct nf_conntrack_expect_policy *expect_policy,
|
||||||
!tb[NFCTH_POLICY_EXPECT_TIMEOUT])
|
!tb[NFCTH_POLICY_EXPECT_TIMEOUT])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
strncpy(expect_policy->name,
|
nla_strlcpy(expect_policy->name,
|
||||||
nla_data(tb[NFCTH_POLICY_NAME]), NF_CT_HELPER_NAME_LEN);
|
nla_data(tb[NFCTH_POLICY_NAME]), NF_CT_HELPER_NAME_LEN);
|
||||||
expect_policy->max_expected =
|
expect_policy->max_expected =
|
||||||
ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_MAX]));
|
ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_MAX]));
|
||||||
if (expect_policy->max_expected > NF_CT_EXPECT_MAX_CNT)
|
if (expect_policy->max_expected > NF_CT_EXPECT_MAX_CNT)
|
||||||
|
@ -234,7 +234,8 @@ nfnl_cthelper_create(const struct nlattr * const tb[],
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err1;
|
goto err1;
|
||||||
|
|
||||||
strncpy(helper->name, nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN);
|
nla_strlcpy(helper->name,
|
||||||
|
nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN);
|
||||||
size = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
|
size = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
|
||||||
if (size > FIELD_SIZEOF(struct nf_conn_help, data)) {
|
if (size > FIELD_SIZEOF(struct nf_conn_help, data)) {
|
||||||
ret = -ENOMEM;
|
ret = -ENOMEM;
|
||||||
|
|
Loading…
Reference in New Issue