From 6ceec21204e0260af2d50e9e987d0fe3c79c28d4 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 17 Oct 2023 15:50:21 +0200
Subject: [PATCH] evaluate: validate maximum log statement prefix length
Otherwise too long string overruns the log prefix buffer.
Fixes: e76bb3794018 ("src: allow for variables in the log prefix string")
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1714
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/evaluate.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index b7ae9113..2196e928 100644
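--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4175,8 +4175,13 @@ static int stmt_evaluate_log_prefix(struct eval_ctx *ctx, struct stmt *stmt)
 struct expr *expr;
 size_t size = 0;
 
- if (stmt->log.prefix->etype != EXPR_LIST)
+ if (stmt->log.prefix->etype != EXPR_LIST) {
+ if (stmt->log.prefix &&
+ div_round_up(stmt->log.prefix->len, BITS_PER_BYTE) >= NF_LOG_PREFIXLEN)
+ return expr_error(ctx->msgs, stmt->log.prefix, "log prefix is too long");
+
 return 0;
+ }
 
 list_for_each_entry(expr, &stmt->log.prefix->expressions, list) {
 switch (expr->etype) {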
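Review bot: The added `stmt->log.prefix &&` test comes too late to protect anything, because the enclosing condition has already dereferenced the pointer with `stmt->log.prefix->etype`. If callers guarantee a non-NULL prefix, the inner condition can be reduced to `if (div_round_up(stmt->log.prefix->len, BITS_PER_BYTE) >= NF_LOG_PREFIXLEN)`. If they do not, the NULL test has to move ahead of the `etype` comparison. The `>=` presumably reserves room for the terminating NUL in the prefix buffer, so a short comment such as `/* prefix plus NUL must fit in NF_LOG_PREFIXLEN */` would stop it being "fixed" to `>` later. The new length check covers only the non-list case, and the `EXPR_LIST` loop continues outside this hunk, so it is worth confirming that the concatenated prefix built there is bounded against the same limit.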
--
2.33.0