ip: xfrm: limit the length of the security context name when printing
Security context names are not guaranteed to be NUL-terminated by the
kernel, so we can't just print them using %s directly. The length of
the string is determined by sctx->ctx_len, so we can use that to limit
what fprintf outputs.
While at it, factor that out to a separate function, since the exact
same code is used to print the security context for both policies and
states.
Fixes: b2bb289a57 ("xfrm security context support")
Reported-by: Paul Wouters <pwouters@redhat.com>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
parent
60204c81e4
commit
6050055387
43
ip/ipxfrm.c
43
ip/ipxfrm.c
|
|
@ -916,6 +916,19 @@ static int xfrm_selector_iszero(struct xfrm_selector *s)
|
|||
return (memcmp(&s0, s, sizeof(s0)) == 0);
|
||||
}
|
||||
|
||||
static void xfrm_sec_ctx_print(FILE *fp, struct rtattr *attr)
|
||||
{
|
||||
struct xfrm_user_sec_ctx *sctx;
|
||||
|
||||
fprintf(fp, "\tsecurity context ");
|
||||
|
||||
if (RTA_PAYLOAD(attr) < sizeof(*sctx))
|
||||
fprintf(fp, "(ERROR truncated)");
|
||||
|
||||
sctx = RTA_DATA(attr);
|
||||
fprintf(fp, "%.*s %s", sctx->ctx_len, (char *)(sctx + 1), _SL_);
|
||||
}
|
||||
|
||||
void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
|
||||
struct rtattr *tb[], FILE *fp, const char *prefix,
|
||||
const char *title, bool nokeys)
|
||||
|
|
@ -983,19 +996,8 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
|
|||
xfrm_stats_print(&xsinfo->stats, fp, buf);
|
||||
}
|
||||
|
||||
if (tb[XFRMA_SEC_CTX]) {
|
||||
struct xfrm_user_sec_ctx *sctx;
|
||||
|
||||
fprintf(fp, "\tsecurity context ");
|
||||
|
||||
if (RTA_PAYLOAD(tb[XFRMA_SEC_CTX]) < sizeof(*sctx))
|
||||
fprintf(fp, "(ERROR truncated)");
|
||||
|
||||
sctx = RTA_DATA(tb[XFRMA_SEC_CTX]);
|
||||
|
||||
fprintf(fp, "%s %s", (char *)(sctx + 1), _SL_);
|
||||
}
|
||||
|
||||
if (tb[XFRMA_SEC_CTX])
|
||||
xfrm_sec_ctx_print(fp, tb[XFRMA_SEC_CTX]);
|
||||
}
|
||||
|
||||
void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
|
||||
|
|
@ -1006,19 +1008,8 @@ void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
|
|||
|
||||
xfrm_selector_print(&xpinfo->sel, preferred_family, fp, title);
|
||||
|
||||
if (tb[XFRMA_SEC_CTX]) {
|
||||
struct xfrm_user_sec_ctx *sctx;
|
||||
|
||||
fprintf(fp, "\tsecurity context ");
|
||||
|
||||
if (RTA_PAYLOAD(tb[XFRMA_SEC_CTX]) < sizeof(*sctx))
|
||||
fprintf(fp, "(ERROR truncated)");
|
||||
|
||||
sctx = RTA_DATA(tb[XFRMA_SEC_CTX]);
|
||||
|
||||
fprintf(fp, "%s ", (char *)(sctx + 1));
|
||||
fprintf(fp, "%s", _SL_);
|
||||
}
|
||||
if (tb[XFRMA_SEC_CTX])
|
||||
xfrm_sec_ctx_print(fp, tb[XFRMA_SEC_CTX]);
|
||||
|
||||
if (prefix)
|
||||
strlcat(buf, prefix, sizeof(buf));
|
||||
|
|
|
|||
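Review bot: In the new `xfrm_sec_ctx_print` the short-payload check prints "(ERROR truncated)" but does not return, so `sctx->ctx_len` and the bytes after the header are still read from an attribute already known to be smaller than `struct xfrm_user_sec_ctx`. The precision given to `%.*s` is also `ctx_len` taken as-is, never compared with the bytes the attribute actually carries, so a length larger than `RTA_PAYLOAD(attr) - sizeof(*sctx)` lets fprintf read past the attribute until it meets a NUL. Both behaviours are carried over from the two removed copies rather than introduced here, but the helper is now the single place to fix them: return after the error message and clamp the length to the payload, as sketched below. Emitting `_SL_` on the error path is my assumption, made so the output line is still terminated.

```c
static void xfrm_sec_ctx_print(FILE *fp, struct rtattr *attr)
{
	struct xfrm_user_sec_ctx *sctx;
	size_t room, len;

	/* ... unchanged: "\tsecurity context " prefix ... */

	if (RTA_PAYLOAD(attr) < sizeof(*sctx)) {
		fprintf(fp, "(ERROR truncated)%s", _SL_);
		return;
	}

	sctx = RTA_DATA(attr);
	/* never print more than the attribute actually holds */
	room = RTA_PAYLOAD(attr) - sizeof(*sctx);
	len = sctx->ctx_len < room ? sctx->ctx_len : room;
	fprintf(fp, "%.*s %s", (int)len, (char *)(sctx + 1), _SL_);
```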