summaryrefslogtreecommitdiff
path: root/net/netfilter/ipset
diff options
context:
space:
mode:
authorQian Cai <cai@gmx.us>2018-12-10 14:39:38 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-12-14 00:04:08 +0100
commit00ec3ab0601280d00978ac4245a62b470cfa81bb (patch)
tree0268ded5f01db33551c33bfe4a5e61ce4b0315ad /net/netfilter/ipset
parent8e350ce1f78ef5a7d8250b9b4bdf733ce2fa5b1f (diff)
netfilter: ipset: replace a strncpy() with strscpy()
To make overflows as obvious as possible and to prevent code from blithely proceeding with a truncated string. This also has a side-effect to fix a compilation warning when using GCC 8.2.1. net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockfn_get': net/netfilter/ipset/ip_set_core.c:2027:3: warning: 'strncpy' writing 32 bytes into a region of size 2 overflows the destination [-Wstringop-overflow=] Signed-off-by: Qian Cai <cai@gmx.us> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/ipset')
-rw-r--r--net/netfilter/ipset/ip_set_core.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index e3113aa1a975..45a257695bef 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -2154,9 +2154,11 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len)
}
nfnl_lock(NFNL_SUBSYS_IPSET);
set = ip_set(inst, req_get->set.index);
- strncpy(req_get->set.name, set ? set->name : "",
- IPSET_MAXNAMELEN);
+ ret = strscpy(req_get->set.name, set ? set->name : "",
+ IPSET_MAXNAMELEN);
nfnl_unlock(NFNL_SUBSYS_IPSET);
+ if (ret < 0)
+ goto done;
goto copy;
}
default: