|
Packit |
a57ba4 |
From 7e63dd95957a264d15eefdda3ea9449a6c72eb86 Mon Sep 17 00:00:00 2001
|
|
Packit |
a57ba4 |
From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= <adamg@pld-linux.org>
|
|
Packit |
a57ba4 |
Date: Wed, 14 Nov 2018 07:35:28 +0100
|
|
Packit |
a57ba4 |
Subject: [PATCH] extensions: format-security fixes in libip[6]t_icmp
|
|
Packit |
a57ba4 |
MIME-Version: 1.0
|
|
Packit |
a57ba4 |
Content-Type: text/plain; charset=UTF-8
|
|
Packit |
a57ba4 |
Content-Transfer-Encoding: 8bit
|
|
Packit |
a57ba4 |
|
|
Packit |
a57ba4 |
commit 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
|
|
Packit |
a57ba4 |
introduced support for gcc feature to check format string against passed
|
|
Packit |
a57ba4 |
argument. This commit adds missing bits to extenstions's libipt_icmp.c
|
|
Packit |
a57ba4 |
and libip6t_icmp6.c that were causing build to fail.
|
|
Packit |
a57ba4 |
|
|
Packit |
a57ba4 |
Fixes: 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
|
|
Packit |
a57ba4 |
Signed-off-by: Adam Gołębiowski <adamg@pld-linux.org>
|
|
Packit |
a57ba4 |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Packit |
a57ba4 |
(cherry picked from commit 907e429d7548157016cd51aba4adc5d0c7d9f816)
|
|
Packit |
a57ba4 |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
Packit |
a57ba4 |
---
|
|
Packit |
a57ba4 |
extensions/libip6t_icmp6.c | 4 ++--
|
|
Packit |
a57ba4 |
extensions/libipt_icmp.c | 2 +-
|
|
Packit |
a57ba4 |
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
Packit |
a57ba4 |
|
|
Packit |
a57ba4 |
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
|
|
Packit |
a57ba4 |
index 45a71875722c4..cc7bfaeb72fd7 100644
|
|
Packit |
a57ba4 |
--- a/extensions/libip6t_icmp6.c
|
|
Packit |
a57ba4 |
+++ b/extensions/libip6t_icmp6.c
|
|
Packit |
a57ba4 |
@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
|
|
Packit |
a57ba4 |
type_name = icmp6_type_xlate(icmptype);
|
|
Packit |
a57ba4 |
|
|
Packit |
a57ba4 |
if (type_name) {
|
|
Packit |
a57ba4 |
- xt_xlate_add(xl, type_name);
|
|
Packit |
a57ba4 |
+ xt_xlate_add(xl, "%s", type_name);
|
|
Packit |
a57ba4 |
} else {
|
|
Packit |
a57ba4 |
for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
|
|
Packit |
a57ba4 |
if (icmpv6_codes[i].type == icmptype &&
|
|
Packit |
a57ba4 |
@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
|
|
Packit |
a57ba4 |
break;
|
|
Packit |
a57ba4 |
|
|
Packit |
a57ba4 |
if (i != ARRAY_SIZE(icmpv6_codes))
|
|
Packit |
a57ba4 |
- xt_xlate_add(xl, icmpv6_codes[i].name);
|
|
Packit |
a57ba4 |
+ xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
|
|
Packit |
a57ba4 |
else
|
|
Packit |
a57ba4 |
return 0;
|
|
Packit |
a57ba4 |
}
|
|
Packit |
a57ba4 |
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
|
|
Packit |
a57ba4 |
index 5418997668d4c..e76257c54708c 100644
|
|
Packit |
a57ba4 |
--- a/extensions/libipt_icmp.c
|
|
Packit |
a57ba4 |
+++ b/extensions/libipt_icmp.c
|
|
Packit |
a57ba4 |
@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
|
|
Packit |
a57ba4 |
if (icmp_codes[i].type == icmptype &&
|
|
Packit |
a57ba4 |
icmp_codes[i].code_min == code_min &&
|
|
Packit |
a57ba4 |
icmp_codes[i].code_max == code_max) {
|
|
Packit |
a57ba4 |
- xt_xlate_add(xl, icmp_codes[i].name);
|
|
Packit |
a57ba4 |
+ xt_xlate_add(xl, "%s", icmp_codes[i].name);
|
|
Packit |
a57ba4 |
return 1;
|
|
Packit |
a57ba4 |
}
|
|
Packit |
a57ba4 |
}
|
|
Packit |
a57ba4 |
--
|
|
Packit |
a57ba4 |
2.21.0
|
|
Packit |
a57ba4 |
|