Sat Oct 5 23:32:20 2019 UTC ()
use target size in a couple of strncpy() calls:
- load_hash() has already zeroed the structure so final nul is there.
- print_ipflog() copied final byte that was then nul'd.


(mrg)
diff -r1.2 -r1.3 src/external/bsd/ipf/dist/lib/load_hash.c
diff -r1.8 -r1.9 src/external/bsd/ipf/dist/tools/ipmon.c
cvs diff -r1.2 -r1.3 src/external/bsd/ipf/dist/lib/load_hash.c (expand / switch to unified diff)

--- src/external/bsd/ipf/dist/lib/load_hash.c 2012/07/22 14:27:36 1.2
+++ src/external/bsd/ipf/dist/lib/load_hash.c 2019/10/05 23:32:20 1.3
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: load_hash.c,v 1.2 2012/07/22 14:27:36 darrenr Exp $ */ 1/* $NetBSD: load_hash.c,v 1.3 2019/10/05 23:32:20 mrg Exp $ */
2 2
3/* 3/*
4 * Copyright (C) 2012 by Darren Reed. 4 * Copyright (C) 2012 by Darren Reed.
5 * 5 *
6 * See the IPFILTER.LICENCE file for details on licencing. 6 * See the IPFILTER.LICENCE file for details on licencing.
7 * 7 *
8 * Id: load_hash.c,v 1.1.1.2 2012/07/22 13:44:39 darrenr Exp $ 8 * Id: load_hash.c,v 1.1.1.2 2012/07/22 13:44:39 darrenr Exp $
9 */ 9 */
10 10
11#include <fcntl.h> 11#include <fcntl.h>
12#include <sys/ioctl.h> 12#include <sys/ioctl.h>
13#include "ipf.h" 13#include "ipf.h"
14#include "netinet/ip_lookup.h" 14#include "netinet/ip_lookup.h"
@@ -57,28 +57,28 @@ load_hash(iphp, list, iocfunc) @@ -57,28 +57,28 @@ load_hash(iphp, list, iocfunc)
57 iph.iph_size = size; 57 iph.iph_size = size;
58 iph.iph_table = NULL; 58 iph.iph_table = NULL;
59 iph.iph_list = NULL; 59 iph.iph_list = NULL;
60 iph.iph_ref = 0; 60 iph.iph_ref = 0;
61 61
62 if ((opts & OPT_REMOVE) == 0) { 62 if ((opts & OPT_REMOVE) == 0) {
63 if (pool_ioctl(iocfunc, SIOCLOOKUPADDTABLE, &op)) 63 if (pool_ioctl(iocfunc, SIOCLOOKUPADDTABLE, &op))
64 if ((opts & OPT_DONOTHING) == 0) { 64 if ((opts & OPT_DONOTHING) == 0) {
65 return ipf_perror_fd(pool_fd(), iocfunc, 65 return ipf_perror_fd(pool_fd(), iocfunc,
66 "add lookup hash table"); 66 "add lookup hash table");
67 } 67 }
68 } 68 }
69 69
70 strncpy(iph.iph_name, op.iplo_name, sizeof(op.iplo_name)); 70 strncpy(iph.iph_name, op.iplo_name, sizeof(iph.iph_name) - 1);
71 strncpy(iphp->iph_name, op.iplo_name, sizeof(op.iplo_name)); 71 strncpy(iphp->iph_name, op.iplo_name, sizeof(iphp->iph_name) - 1);
72 72
73 if (opts & OPT_VERBOSE) { 73 if (opts & OPT_VERBOSE) {
74 iph.iph_table = calloc(size, sizeof(*iph.iph_table)); 74 iph.iph_table = calloc(size, sizeof(*iph.iph_table));
75 if (iph.iph_table == NULL) { 75 if (iph.iph_table == NULL) {
76 perror("calloc(size, sizeof(*iph.iph_table))"); 76 perror("calloc(size, sizeof(*iph.iph_table))");
77 return -1; 77 return -1;
78 } 78 }
79 iph.iph_list = list; 79 iph.iph_list = list;
80 printhash(&iph, bcopywrap, iph.iph_name, opts, NULL); 80 printhash(&iph, bcopywrap, iph.iph_name, opts, NULL);
81 free(iph.iph_table); 81 free(iph.iph_table);
82 82
83 for (a = list; a != NULL; a = a->ipe_next) { 83 for (a = list; a != NULL; a = a->ipe_next) {
84 a->ipe_addr.in4_addr = htonl(a->ipe_addr.in4_addr); 84 a->ipe_addr.in4_addr = htonl(a->ipe_addr.in4_addr);
cvs diff -r1.8 -r1.9 src/external/bsd/ipf/dist/tools/ipmon.c (expand / switch to unified diff)

--- src/external/bsd/ipf/dist/tools/ipmon.c 2018/02/04 08:19:42 1.8
+++ src/external/bsd/ipf/dist/tools/ipmon.c 2019/10/05 23:32:20 1.9
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: ipmon.c,v 1.8 2018/02/04 08:19:42 mrg Exp $ */ 1/* $NetBSD: ipmon.c,v 1.9 2019/10/05 23:32:20 mrg Exp $ */
2 2
3/* 3/*
4 * Copyright (C) 2012 by Darren Reed. 4 * Copyright (C) 2012 by Darren Reed.
5 * 5 *
6 * See the IPFILTER.LICENCE file for details on licencing. 6 * See the IPFILTER.LICENCE file for details on licencing.
7 */ 7 */
8#include "ipf.h" 8#include "ipf.h"
9#include "ipmon.h" 9#include "ipmon.h"
10#include <sys/ioctl.h> 10#include <sys/ioctl.h>
11#include <sys/stat.h> 11#include <sys/stat.h>
12#include <syslog.h> 12#include <syslog.h>
13#include <ctype.h> 13#include <ctype.h>
14#include <fcntl.h> 14#include <fcntl.h>
@@ -1087,27 +1087,27 @@ print_ipflog(config_t *conf, const iplog @@ -1087,27 +1087,27 @@ print_ipflog(config_t *conf, const iplog
1087 (void) sprintf(t, ".%-.6ld ", (long)ipl->ipl_usec); 1087 (void) sprintf(t, ".%-.6ld ", (long)ipl->ipl_usec);
1088 t += strlen(t); 1088 t += strlen(t);
1089 if (ipl->ipl_count > 1) { 1089 if (ipl->ipl_count > 1) {
1090 sprintf(t, "%dx ", ipl->ipl_count); 1090 sprintf(t, "%dx ", ipl->ipl_count);
1091 t += strlen(t); 1091 t += strlen(t);
1092 } 1092 }
1093#if (defined(MENTAT) || \ 1093#if (defined(MENTAT) || \
1094 (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \ 1094 (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
1095 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) || \ 1095 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) || \
1096 (defined(OpenBSD) && (OpenBSD >= 199603))) || defined(linux) 1096 (defined(OpenBSD) && (OpenBSD >= 199603))) || defined(linux)
1097 { 1097 {
1098 char ifname[sizeof(ipf.fl_ifname) + 1]; 1098 char ifname[sizeof(ipf.fl_ifname) + 1];
1099 1099
1100 strncpy(ifname, ipf.fl_ifname, sizeof(ipf.fl_ifname)); 1100 strncpy(ifname, ipf.fl_ifname, sizeof(ifname)-1);
1101 ifname[sizeof(ipf.fl_ifname)] = '\0'; 1101 ifname[sizeof(ipf.fl_ifname)] = '\0';
1102 sprintf(t, "%s", ifname); 1102 sprintf(t, "%s", ifname);
1103 t += strlen(t); 1103 t += strlen(t);
1104# if defined(MENTAT) || defined(linux) 1104# if defined(MENTAT) || defined(linux)
1105# if defined(linux) 1105# if defined(linux)
1106 /* 1106 /*
1107 * On Linux, the loopback interface is just "lo", not "lo0". 1107 * On Linux, the loopback interface is just "lo", not "lo0".
1108 */ 1108 */
1109 if (strcmp(ifname, "lo") != 0) 1109 if (strcmp(ifname, "lo") != 0)
1110# endif 1110# endif
1111 if (ISALPHA(*(t - 1))) { 1111 if (ISALPHA(*(t - 1))) {
1112 sprintf(t, "%d", ipf.fl_unit); 1112 sprintf(t, "%d", ipf.fl_unit);
1113 t += strlen(t); 1113 t += strlen(t);