firewall3: clean up the flow table detection logic
[project/firewall3.git]
/
snats.c
diff --git
a/snats.c
b/snats.c
index 1d78f93f30662f475d24bd5817a03c1b106b02ec..a2706faee1004e77550831ca8ef242a75f8e355e 100644
(file)
--- a/
snats.c
+++ b/
snats.c
@@
-265,30
+265,38
@@
static void
set_target(struct fw3_ipt_rule *r, struct fw3_snat *snat,
struct fw3_protocol *proto)
{
set_target(struct fw3_ipt_rule *r, struct fw3_snat *snat,
struct fw3_protocol *proto)
{
- char buf[sizeof("255.255.255.255:65535-65535\0")];
+ char buf[sizeof("255.255.255.255:65535-65535")] = {};
+ char ip[INET_ADDRSTRLEN], portcntbuf[6], *p = buf;
+ size_t rem = sizeof(buf);
+ int len;
if (snat->target == FW3_FLAG_SNAT)
{
if (snat->target == FW3_FLAG_SNAT)
{
- buf[0] = '\0';
-
if (snat->ip_snat.set)
{
if (snat->ip_snat.set)
{
- inet_ntop(AF_INET, &snat->ip_snat.address.v4, buf, sizeof(buf));
+ inet_ntop(AF_INET, &snat->ip_snat.address.v4, ip, sizeof(ip));
+
+ len = snprintf(p, rem, "%s", ip);
+
+ if (len < 0 || len >= rem)
+ return;
+
+ rem -= len;
+ p += len;
}
if (snat->port_snat.set && proto && !proto->any &&
(proto->protocol == 6 || proto->protocol == 17 || proto->protocol == 1))
{
if (snat->port_snat.port_min == snat->port_snat.port_max)
}
if (snat->port_snat.set && proto && !proto->any &&
(proto->protocol == 6 || proto->protocol == 17 || proto->protocol == 1))
{
if (snat->port_snat.port_min == snat->port_snat.port_max)
- s
printf(buf + strlen(buf)
, ":%u", snat->port_snat.port_min);
+ s
nprintf(p, rem
, ":%u", snat->port_snat.port_min);
else
else
- s
printf(buf + strlen(buf)
, ":%u-%u",
- snat->port_snat.port_min, snat->port_snat.port_max);
+ s
nprintf(p, rem
, ":%u-%u",
+
snat->port_snat.port_min, snat->port_snat.port_max);
if (snat->connlimit_ports) {
if (snat->connlimit_ports) {
- char portcntbuf[6];
snprintf(portcntbuf, sizeof(portcntbuf), "%u",
snprintf(portcntbuf, sizeof(portcntbuf), "%u",
-
1 + snat->port_snat.port_max - snat->port_snat.port_min);
+ 1 + snat->port_snat.port_max - snat->port_snat.port_min);
fw3_ipt_rule_addarg(r, false, "-m", "connlimit");
fw3_ipt_rule_addarg(r, false, "--connlimit-daddr", NULL);
fw3_ipt_rule_addarg(r, false, "-m", "connlimit");
fw3_ipt_rule_addarg(r, false, "--connlimit-daddr", NULL);