From b5db77dc91454d1a1722672e13e87bf41d5ed427 Mon Sep 17 00:00:00 2001
From: Ken-ichirou MATSUZAWA
Date: Fri, 11 Sep 2015 10:54:53 +0900
Subject: nlmsg: add lacking attributes validation

This patch adds four (actually two) attributes validation with comparing to current kernel header.

Signed-off-by: Ken-ichirou MATSUZAWA
Signed-off-by: Pablo Neira Ayuso
---
 src/nlmsg.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'src')
diff --git a/src/nlmsg.c b/src/nlmsg.c
index cabd8be..ba28c77 100644
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -140,6 +140,7 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 case NFQA_SECCTX:
 case NFQA_UID:
 case NFQA_GID:
+ case NFQA_CT_INFO:
 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
 return MNL_CB_ERROR;
 break;
@@ -155,7 +156,15 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 return MNL_CB_ERROR;
 }
 break;
+ case NFQA_PACKET_HDR:
+ if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
+ sizeof(struct nfqnl_msg_packet_hdr)) < 0) {
+ return MNL_CB_ERROR;
+ }
+ break;
 case NFQA_PAYLOAD:
+ case NFQA_CT:
+ case NFQA_EXP:
 break;
 }
 tb[type] = attr;
-- 
cgit v1.2.3
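Review bot: The fall-through group that `NFQA_CT_INFO` joins also contains `NFQA_SECCTX`, so that attribute is accepted only when its payload is exactly a 32-bit value. If NFQA_SECCTX carries a variable-length security-context label, as its name suggests (the kernel header is not visible here, so this needs confirming), any message that includes one makes the callback return MNL_CB_ERROR and the whole parse is rejected. Since this commit aligns validation with the kernel header, it would be worth giving that attribute its own case, e.g. `case NFQA_SECCTX: if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) return MNL_CB_ERROR; break;`. The switch starts above this hunk, so the rest of the U32 group is not visible.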
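Review bot: `NFQA_CT` and `NFQA_EXP` are added to the `NFQA_PAYLOAD` group, so they reach `tb[type] = attr;` with no check at all, which seems to be what "(actually two)" in the commit message refers to. If these carry nested conntrack attributes (inferred from the names; the kernel header is not shown), a type check would stop a malformed attribute being handed to callers as if it had been vetted: `case NFQA_CT: case NFQA_EXP: if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) return MNL_CB_ERROR; break;`. If leaving them unchecked is deliberate, a comment such as `/* nested; contents must be validated by the consumer */` on those labels would make that contract explicit. The switch begins and the function ends outside this hunk.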