From 833305f9288d19f46158cb7932d32fad176f3e28 Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Mon, 14 Dec 2020 21:18:06 +0100
Subject: PFLOG: Use nd_printjnp() instead of %s conversion specifier

This change add a bounds checks.
---
 print-pflog.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'print-pflog.c')

diff --git a/print-pflog.c b/print-pflog.c
index 814c635c..f9e758a0 100644
--- a/print-pflog.c
+++ b/print-pflog.c
@@ -94,8 +94,11 @@ pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)
 	subrulenr = GET_BE_U_4(&hdr->subrulenr);
 	if (subrulenr == (uint32_t)-1)
 		ND_PRINT("rule %u/", rulenr);
-	else
-		ND_PRINT("rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr);
+	else {
+		ND_PRINT("rule %u.", rulenr);
+		nd_printjnp(ndo, hdr->ruleset, PFLOG_RULESET_NAME_SIZE);
+		ND_PRINT(".%u/", subrulenr);
+	}
 
 	ND_PRINT("%s: %s %s on %s: ",
 	    tok2str(pf_reasons, "unkn(%u)", GET_U_1(&hdr->reason)),
-- 
cgit v1.2.1