To make overflows as obvious as possible and to prevent code from blithely
proceeding with a truncated string. This also has a side-effect to fix a
compilation warning when using GCC 8.2.1.
net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockfn_get':
net/netfilter/ipset/ip_set_core.c:2027:3: warning: 'strncpy' writing 32
bytes into a region of size 2 overflows the destination
[-Wstringop-overflow=]
Signed-off-by: Qian Cai <c...@gmx.us>
---
Changelog:
* v2:
- Released the lock for the error-path as well.
* v1:
- Checked the return value.
net/netfilter/ipset/ip_set_core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_core.c
b/net/netfilter/ipset/ip_set_core.c
index 1577f2f76060..33929fb645b6 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -2024,9 +2024,11 @@ ip_set_sockfn_get(struct sock *sk, int optval, void
__user *user, int *len)
}
nfnl_lock(NFNL_SUBSYS_IPSET);
set = ip_set(inst, req_get->set.index);
- strncpy(req_get->set.name, set ? set->name : "",
- IPSET_MAXNAMELEN);
+ ret = strscpy(req_get->set.name, set ? set->name : "",
+ IPSET_MAXNAMELEN);
nfnl_unlock(NFNL_SUBSYS_IPSET);
+ if (ret == -E2BIG)
+ goto done;
goto copy;
}
default:
--
2.17.2 (Apple Git-113)
