[libnftables PATCH 2/2] src: snprintf: fix buffer lengths

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [libnftables PATCH 2/2] src: snprintf: fix buffer lengths
Date: Thu, 26 Sep 2013 00:13:08 +0200	[thread overview]
Message-ID: <20130925221308.16997.11502.stgit@nfdev.cica.es> (raw)
In-Reply-To: <20130925221302.16997.17406.stgit@nfdev.cica.es>

Use 'len' instead of 'size' as length of the buffer to print.

While at it, fix invalid JSON offset in snprintf for sets and some
other minor style issues, such as bad indentations.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/chain.c    |   20 +++++++++-----------
 src/expr/ct.c  |    6 +++---
 src/rule.c     |   12 +++++++-----
 src/set.c      |   32 +++++++++++++++++---------------
 src/set_elem.c |   22 +++++++++++-----------
 5 files changed, 47 insertions(+), 45 deletions(-)

diff --git a/src/chain.c b/src/chain.c
index 8c0d804..874116a 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -753,7 +753,7 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 {
 	int ret, len = size, offset = 0;
 
-	ret = snprintf(buf, size,
+	ret = snprintf(buf, len,
 		"{ \"chain\": {"
 			"\"name\": \"%s\","
 			"\"handle\": %"PRIu64","
@@ -768,7 +768,7 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (c->flags & (1 << NFT_CHAIN_ATTR_HOOKNUM)) {
-		ret =  snprintf(buf+offset, size,
+		ret =  snprintf(buf+offset, len,
 				",\"type\": \"%s\","
 				"\"hooknum\": \"%s\","
 				"\"prio\": %d,"
@@ -778,9 +778,7 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
-	ret = snprintf(buf+offset, size,
-		"}"
-		"}");
+	ret = snprintf(buf+offset, len, "}}");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;
@@ -790,14 +788,14 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 {
 	int ret, len = size, offset = 0;
 
-	ret = snprintf(buf, size, "<chain><name>%s</name>"
+	ret = snprintf(buf, len, "<chain><name>%s</name>"
 		       "<handle>%"PRIu64"</handle><bytes>%"PRIu64"</bytes>"
 		       "<packets>%"PRIu64"</packets><table>%s</table>",
 		       c->name, c->handle, c->bytes, c->packets, c->table);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (c->flags & (1 << NFT_CHAIN_ATTR_HOOKNUM)) {
-		ret =  snprintf(buf+offset, size,
+		ret =  snprintf(buf+offset, len,
 				"<type>%s</type>"
 				"<hooknum>%s</hooknum>"
 				"<prio>%d</prio>"
@@ -807,7 +805,7 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
-	ret = snprintf(buf+offset, size, "<family>%s</family></chain>",
+	ret = snprintf(buf+offset, len, "<family>%s</family></chain>",
 		       nft_family2str(c->family));
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
@@ -819,12 +817,12 @@ static int nft_chain_snprintf_default(char *buf, size_t size,
 {
 	int ret, len = size, offset = 0;
 
-	ret = snprintf(buf, size, "%s %s %s",
-			nft_family2str(c->family), c->table, c->name);
+	ret = snprintf(buf, len, "%s %s %s",
+		       nft_family2str(c->family), c->table, c->name);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (c->flags & (1 << NFT_CHAIN_ATTR_HOOKNUM)) {
-		ret = snprintf(buf+offset, size,
+		ret = snprintf(buf+offset, len,
 			       " type %s hook %s prio %d policy %s use %d "
 			       "packets %"PRIu64" bytes %"PRIu64"",
 			       c->type, nft_hooknum2str(c->family, c->hooknum),
diff --git a/src/expr/ct.c b/src/expr/ct.c
index ccefa1b..bf18c7e 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -279,17 +279,17 @@ nft_expr_ct_snprintf_json(char *buf, size_t size, struct nft_rule_expr *e)
 	int ret, len = size, offset = 0;
 	struct nft_expr_ct *ct = nft_expr_data(e);
 
-	ret = snprintf(buf, size, "\"dreg\" : %u", ct->dreg);
+	ret = snprintf(buf, len, "\"dreg\" : %u", ct->dreg);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (e->flags & (1 << NFT_EXPR_CT_KEY)) {
-		ret = snprintf(buf+offset, size, ", \"key\" : \"%s\"",
+		ret = snprintf(buf+offset, len, ", \"key\" : \"%s\"",
 						ctkey2str(ct->key));
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
 	if (e->flags & (1 << NFT_EXPR_CT_DIR)) {
-		ret = snprintf(buf+offset, size, ", \"dir\" : %u", ct->dir);
+		ret = snprintf(buf+offset, len, ", \"dir\" : %u", ct->dir);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
diff --git a/src/rule.c b/src/rule.c
index 5fd8814..550b325 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -705,7 +705,7 @@ static int nft_rule_snprintf_json(char *buf, size_t size, struct nft_rule *r,
 	int ret, len = size, offset = 0;
 	struct nft_rule_expr *expr;
 
-	ret = snprintf(buf, size,
+	ret = snprintf(buf, len,
 		       "{ \"rule\": { \"family\" : \"%s\", \"table\" : \"%s\", "
 		       "\"chain\"  : \"%s\", \"handle\" : %llu,",
 		       nft_family2str(r->family), r->table, r->chain,
@@ -759,7 +759,7 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
 	int ret, len = size, offset = 0;
 	struct nft_rule_expr *expr;
 
-	ret = snprintf(buf, size, "<rule><family>%s</family>"
+	ret = snprintf(buf, len, "<rule><family>%s</family>"
 		       "<table>%s</table><chain>%s</chain>"
 		       "<handle>%llu</handle><flags>%u</flags>",
 		       nft_family2str(r->family), r->table, r->chain,
@@ -786,7 +786,8 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
 				"<expr type=\"%s\">", expr->ops->name);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		ret = nft_rule_expr_snprintf(buf+offset, size, expr, type, flags);
+		ret = nft_rule_expr_snprintf(buf+offset, len, expr,
+					     type, flags);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		ret = snprintf(buf+offset, len, "</expr>");
@@ -805,7 +806,7 @@ static int nft_rule_snprintf_default(char *buf, size_t size, struct nft_rule *r,
 	struct nft_rule_expr *expr;
 	int ret, len = size, offset = 0;
 
-	ret = snprintf(buf, size, "%s %s %s %"PRIu64" %"PRIu64"\n",
+	ret = snprintf(buf, len, "%s %s %s %"PRIu64" %"PRIu64"\n",
 			nft_family2str(r->family), r->table, r->chain,
 			r->handle, r->position);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
@@ -814,7 +815,8 @@ static int nft_rule_snprintf_default(char *buf, size_t size, struct nft_rule *r,
 		ret = snprintf(buf+offset, len, "  [ %s ", expr->ops->name);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		ret = nft_rule_expr_snprintf(buf+offset, size, expr, type, flags);
+		ret = nft_rule_expr_snprintf(buf+offset, len, expr,
+					     type, flags);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		ret = snprintf(buf+offset, len, "]\n");
diff --git a/src/set.c b/src/set.c
index 530776d..7a9aedb 100644
--- a/src/set.c
+++ b/src/set.c
@@ -543,7 +543,7 @@ static int nft_set_snprintf_json(char *buf, size_t size, struct nft_set *s,
 	int len = size, offset = 0, ret;
 	struct nft_set_elem *elem;
 
-	ret = snprintf(buf, size, "{ \"set\": { \"name\": \"%s\","
+	ret = snprintf(buf, len, "{ \"set\": { \"name\": \"%s\","
 				  "\"table\": \"%s\","
 				  "\"flags\": %u,\"family\": \"%s\","
 				  "\"key_type\": %u,\"key_len\": %u",
@@ -553,7 +553,7 @@ static int nft_set_snprintf_json(char *buf, size_t size, struct nft_set *s,
 
 	if(s->flags & (1 << NFT_SET_ATTR_DATA_TYPE) &&
 	   s->flags & (1 << NFT_SET_ATTR_DATA_LEN)){
-		ret = snprintf(buf+offset, size,
+		ret = snprintf(buf+offset, len,
 				  ",\"data_type\": %u,\"data_len\": %u",
 			s->data_type, s->data_len);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
@@ -561,26 +561,28 @@ static int nft_set_snprintf_json(char *buf, size_t size, struct nft_set *s,
 
 	/* Empty set? Skip printinf of elements */
 	if (list_empty(&s->element_list)){
-		ret = snprintf(buf+offset, size, "}}");
+		ret = snprintf(buf+offset, len, "}}");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 		return offset;
 	}
 
-	ret = snprintf(buf+offset, size, ",\"set_elem\": [");
+	ret = snprintf(buf+offset, len, ",\"set_elem\": [");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	list_for_each_entry(elem, &s->element_list, head) {
-		ret = snprintf(buf+offset, size, "{");
+		ret = snprintf(buf+offset, len, "{");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		ret = nft_set_elem_snprintf(buf+offset, size, elem, type, flags);
+		ret = nft_set_elem_snprintf(buf+offset, len, elem, type, flags);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		ret = snprintf(buf+offset, size, "}, ");
+		ret = snprintf(buf+offset, len, "}, ");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
+	/* Overwrite trailing ", " from last set_elem */
+	offset -= 2;
 
-	ret = snprintf(buf+offset-2, size, "]}}");
+	ret = snprintf(buf+offset, len, "]}}");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;
@@ -593,7 +595,7 @@ static int nft_set_snprintf_default(char *buf, size_t size, struct nft_set *s,
 	int len = size, offset = 0;
 	struct nft_set_elem *elem;
 
-	ret = snprintf(buf, size, "%s %s %x",
+	ret = snprintf(buf, len, "%s %s %x",
 			s->name, s->table, s->set_flags);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
@@ -601,14 +603,14 @@ static int nft_set_snprintf_default(char *buf, size_t size, struct nft_set *s,
 	if (list_empty(&s->element_list))
 		return offset;
 
-	ret = snprintf(buf+offset, size, "\n");
+	ret = snprintf(buf+offset, len, "\n");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	list_for_each_entry(elem, &s->element_list, head) {
-		ret = snprintf(buf+offset, size, "\t");
+		ret = snprintf(buf+offset, len, "\t");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		ret = nft_set_elem_snprintf(buf+offset, size, elem, type, flags);
+		ret = nft_set_elem_snprintf(buf+offset, len, elem, type, flags);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
@@ -622,7 +624,7 @@ static int nft_set_snprintf_xml(char *buf, size_t size, struct nft_set *s,
 	int len = size, offset = 0;
 	struct nft_set_elem *elem;
 
-	ret = snprintf(buf, size, "<set><family>%s</family>"
+	ret = snprintf(buf, len, "<set><family>%s</family>"
 				  "<table>%s</table>"
 				  "<name>%s</name>"
 				  "<flags>%u</flags>"
@@ -637,13 +639,13 @@ static int nft_set_snprintf_xml(char *buf, size_t size, struct nft_set *s,
 
 	if (!list_empty(&s->element_list)) {
 		list_for_each_entry(elem, &s->element_list, head) {
-			ret = nft_set_elem_snprintf(buf+offset, size, elem,
+			ret = nft_set_elem_snprintf(buf+offset, len, elem,
 						    NFT_SET_O_XML, flags);
 			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 		}
 	}
 
-	ret = snprintf(buf+offset, size, "</set>");
+	ret = snprintf(buf+offset, len, "</set>");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;
diff --git a/src/set_elem.c b/src/set_elem.c
index 885893b..ba24c96 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -454,17 +454,17 @@ static int nft_set_elem_snprintf_json(char *buf, size_t size,
 {
 	int ret, len = size, offset = 0, type = -1;
 
-	ret = snprintf(buf, size, "\"flags\": %u", e->set_elem_flags);
+	ret = snprintf(buf, len, "\"flags\": %u", e->set_elem_flags);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-	ret = snprintf(buf+offset, size, ",\"key\": {");
+	ret = snprintf(buf+offset, len, ",\"key\": {");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	ret = nft_data_reg_snprintf(buf+offset, len, &e->key,
 				    NFT_RULE_O_JSON, flags, DATA_VALUE);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-	ret = snprintf(buf+offset, size, "}");
+	ret = snprintf(buf+offset, len, "}");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (e->flags & (1 << NFT_SET_ELEM_ATTR_DATA))
@@ -475,14 +475,14 @@ static int nft_set_elem_snprintf_json(char *buf, size_t size,
 		type = DATA_VERDICT;
 
 	if (type != -1) {
-		ret = snprintf(buf+offset, size, ",\"data\": {");
+		ret = snprintf(buf+offset, len, ",\"data\": {");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		ret = nft_data_reg_snprintf(buf+offset, len, &e->data,
 				    NFT_RULE_O_JSON, flags, type);
 			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		ret = snprintf(buf+offset, size, "}");
+		ret = snprintf(buf+offset, len, "}");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
@@ -494,7 +494,7 @@ static int nft_set_elem_snprintf_default(char *buf, size_t size,
 {
 	int ret, len = size, offset = 0, i;
 
-	ret = snprintf(buf, size, "element ");
+	ret = snprintf(buf, len, "element ");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	for (i = 0; i < div_round_up(e->key.len, sizeof(uint32_t)); i++) {
@@ -502,7 +502,7 @@ static int nft_set_elem_snprintf_default(char *buf, size_t size,
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
-	ret = snprintf(buf+offset, size, " : ");
+	ret = snprintf(buf+offset, len, " : ");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	for (i = 0; i < div_round_up(e->data.len, sizeof(uint32_t)); i++) {
@@ -530,7 +530,7 @@ static int nft_set_elem_snprintf_xml(char *buf, size_t size,
 				    NFT_RULE_O_XML, flags, DATA_VALUE);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-	ret = snprintf(buf+offset, size, "</key>");
+	ret = snprintf(buf+offset, len, "</key>");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (e->flags & (1 << NFT_SET_ELEM_ATTR_DATA))
@@ -541,18 +541,18 @@ static int nft_set_elem_snprintf_xml(char *buf, size_t size,
 		type = DATA_VERDICT;
 
 	if (type != DATA_NONE) {
-		ret = snprintf(buf+offset, size, "<data>");
+		ret = snprintf(buf+offset, len, "<data>");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		ret = nft_data_reg_snprintf(buf+offset, len, &e->data,
 					    NFT_RULE_O_XML, flags, type);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		ret = snprintf(buf+offset, size, "</data>");
+		ret = snprintf(buf+offset, len, "</data>");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
-	ret = snprintf(buf+offset, size, "</set_elem>");
+	ret = snprintf(buf+offset, len, "</set_elem>");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;

next prev parent reply	other threads:[~2013-09-25 22:13 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-25 22:13 [libnftables PATCH 1/2] set_elem: xml: avoid code duplication Arturo Borrero Gonzalez
2013-09-25 22:13 ` Arturo Borrero Gonzalez [this message]
2013-09-27 14:06   ` [libnftables PATCH 2/2] src: snprintf: fix buffer lengths Pablo Neira Ayuso
2013-09-27 14:05 ` [libnftables PATCH 1/2] set_elem: xml: avoid code duplication Pablo Neira Ayuso

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8c0d804 dfblob:874116a dfblob:ccefa1b dfblob:bf18c7e
dfblob:5fd8814 dfblob:550b325 dfblob:530776d dfblob:7a9aedb
dfblob:885893b dfblob:ba24c96 )
 OR (
bs:"[libnftables PATCH 2/2] src: snprintf: fix buffer lengths" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130925221308.16997.11502.stgit@nfdev.cica.es \
    --to=arturo.borrero.glez@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).