[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter-devel
Subject: [PATCH] netfilter: fix stringop-overflow warning with UBSAN
From: Arnd Bergmann <arnd () arndb ! de>
Date: 2017-07-31 10:09:03
Message-ID: 20170731100913.465530-1-arnd () arndb ! de
[Download RAW message or body]
Using gcc-7 with UBSAN enabled, we get this false-positive warning:
net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockfn_get':
net/netfilter/ipset/ip_set_core.c:1998:3: error: 'strncpy' writing 32 bytes into a \
region of size 2 overflows the destination [-Werror=stringop-overflow=] \
strncpy(req_get->set.name, set ? set->name : "", \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(req_get->set.name));
~~~~~~~~~~~~~~~~~~~~~~~~~~
This seems completely bogus, and I could not find a nice workaround.
To work around it in a less elegant way, I change the ?: operator
into an if()/else() construct.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
net/netfilter/ipset/ip_set_core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index e495b5e484b1..d7ebb021003b 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1995,8 +1995,12 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user \
*user, int *len) }
nfnl_lock(NFNL_SUBSYS_IPSET);
set = ip_set(inst, req_get->set.index);
- strncpy(req_get->set.name, set ? set->name : "",
- IPSET_MAXNAMELEN);
+ if (set)
+ strncpy(req_get->set.name, set->name,
+ sizeof(req_get->set.name));
+ else
+ memset(req_get->set.name, '\0',
+ sizeof(req_get->set.name));
nfnl_unlock(NFNL_SUBSYS_IPSET);
goto copy;
}
--
2.9.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic