netfilter: nfnetlink_hook: fix check for snprintf() overflow

The kernel version of snprintf() can't return negatives. The "ret > (int)sizeof(sym)" check is off by one because and it should be >=. Finally, we need to set a negative error code. Fixes: e2cf17d3774c ("netfilter: add new hook nfnl subsystem") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Dan Carpenter <dan.carpenter@oracle.com> 2021-06-19 16:55:46 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-06-21 23:05:29 +0300
commit: 24610ed80df65a564d6165d15505a950d05f9f5a (patch)
tree: 472932825e271ae415eab1dec306a68f754031f3 /net/netfilter
parent: 3078d964c0fe6cf8eba197c862d1011cb7c0e7b4 (diff)
download: linux-24610ed80df65a564d6165d15505a950d05f9f5a.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink_hook.c b/net/netfilter/nfnetlink_hook.c
index 58fda6ac663b..50b4e3c9347a 100644
--- a/net/netfilter/nfnetlink_hook.c
+++ b/net/netfilter/nfnetlink_hook.c
@@ -126,8 +126,10 @@ static int nfnl_hook_dump_one(struct sk_buff *nlskb,
 
 #ifdef CONFIG_KALLSYMS
 	ret = snprintf(sym, sizeof(sym), "%ps", ops->hook);
-	if (ret < 0 || ret > (int)sizeof(sym))
+	if (ret >= sizeof(sym)) {
+		ret = -EINVAL;
 		goto nla_put_failure;
+	}
 
 	module_name = strstr(sym, " [");
 	if (module_name) {
author	Dan Carpenter <dan.carpenter@oracle.com>	2021-06-19 16:55:46 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-06-21 23:05:29 +0300
commit	24610ed80df65a564d6165d15505a950d05f9f5a (patch)
tree	472932825e271ae415eab1dec306a68f754031f3 /net/netfilter
parent	3078d964c0fe6cf8eba197c862d1011cb7c0e7b4 (diff)
download	linux-24610ed80df65a564d6165d15505a950d05f9f5a.tar.xz