poky/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch - openbmc/openbmc - Gitiles

 From 907e429d7548157016cd51aba4adc5d0c7d9f816 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= <adamg@pld-linux.org>
 Date: Wed, 14 Nov 2018 07:35:28 +0100
 Subject: extensions: format-security fixes in libip[6]t_icmp
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 commit 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
 introduced support for gcc feature to check format string against passed
 argument.  This commit adds missing bits to extenstions's libipt_icmp.c
 and libip6t_icmp6.c that were causing build to fail.

 Fixes: 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
 Signed-off-by: Adam Gołębiowski <adamg@pld-linux.org>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

 Upstream-Status: Backport
 ---
  extensions/libip6t_icmp6.c | 4 ++--
  extensions/libipt_icmp.c   | 2 +-
  2 files changed, 3 insertions(+), 3 deletions(-)

 diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
 index 45a71875..cc7bfaeb 100644
 --- a/extensions/libip6t_icmp6.c
 +++ b/extensions/libip6t_icmp6.c
 @@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
  	type_name = icmp6_type_xlate(icmptype);

  	if (type_name) {
 -		xt_xlate_add(xl, type_name);
 +		xt_xlate_add(xl, "%s", type_name);
  	} else {
  		for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
  			if (icmpv6_codes[i].type == icmptype &&
 @@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
  				break;

  		if (i != ARRAY_SIZE(icmpv6_codes))
 -			xt_xlate_add(xl, icmpv6_codes[i].name);
 +			xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
  		else
  			return 0;
  	}
 diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
 index 54189976..e76257c5 100644
 --- a/extensions/libipt_icmp.c
 +++ b/extensions/libipt_icmp.c
 @@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
  			if (icmp_codes[i].type == icmptype &&
  			    icmp_codes[i].code_min == code_min &&
  			    icmp_codes[i].code_max == code_max) {
 -				xt_xlate_add(xl, icmp_codes[i].name);
 +				xt_xlate_add(xl, "%s", icmp_codes[i].name);
  				return 1;
  			}
  	}
 --
 cgit v1.2.1
	From 907e429d7548157016cd51aba4adc5d0c7d9f816 Mon Sep 17 00:00:00 2001
	From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= <adamg@pld-linux.org>
	Date: Wed, 14 Nov 2018 07:35:28 +0100
	Subject: extensions: format-security fixes in libip[6]t_icmp
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	commit 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
	introduced support for gcc feature to check format string against passed
	argument. This commit adds missing bits to extenstions's libipt_icmp.c
	and libip6t_icmp6.c that were causing build to fail.

	Fixes: 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
	Signed-off-by: Adam Gołębiowski <adamg@pld-linux.org>
	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

	Upstream-Status: Backport
	---
	extensions/libip6t_icmp6.c \| 4 ++--
	extensions/libipt_icmp.c \| 2 +-
	2 files changed, 3 insertions(+), 3 deletions(-)

	diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
	index 45a71875..cc7bfaeb 100644
	--- a/extensions/libip6t_icmp6.c
	+++ b/extensions/libip6t_icmp6.c
	@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
	type_name = icmp6_type_xlate(icmptype);

	if (type_name) {
	- xt_xlate_add(xl, type_name);
	+ xt_xlate_add(xl, "%s", type_name);
	} else {
	for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
	if (icmpv6_codes[i].type == icmptype &&
	@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
	break;

	if (i != ARRAY_SIZE(icmpv6_codes))
	- xt_xlate_add(xl, icmpv6_codes[i].name);
	+ xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
	else
	return 0;
	}
	diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
	index 54189976..e76257c5 100644
	--- a/extensions/libipt_icmp.c
	+++ b/extensions/libipt_icmp.c
	@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
	if (icmp_codes[i].type == icmptype &&
	icmp_codes[i].code_min == code_min &&
	icmp_codes[i].code_max == code_max) {
	- xt_xlate_add(xl, icmp_codes[i].name);
	+ xt_xlate_add(xl, "%s", icmp_codes[i].name);
	return 1;
	}
	}
	--
	cgit v1.2.1