diff options
author | Phil Sutter <phil@nwl.cc> | 2024-03-07 14:49:08 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2024-04-11 01:27:07 +0200 |
commit | be0bae0ad31b0adb506f96de083f52a2bd0d4fbf (patch) | |
tree | 378a1a3ffc541149493c184f0e3c21dfb675cebf /src/expr/nat.c | |
parent | c48ac8cba8716a8bc4ff713ee965eee2643cfc31 (diff) |
With attr_policy in place, data_len has an upper boundary but it may be
lower than the attribute's storage area in which case memcpy() would
read garbage.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'src/expr/nat.c')
-rw-r--r-- | src/expr/nat.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/expr/nat.c b/src/expr/nat.c index f3f8644..1235ba4 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -42,25 +42,25 @@ nftnl_expr_nat_set(struct nftnl_expr *e, uint16_t type, switch(type) { case NFTNL_EXPR_NAT_TYPE: - memcpy(&nat->type, data, sizeof(nat->type)); + memcpy(&nat->type, data, data_len); break; case NFTNL_EXPR_NAT_FAMILY: - memcpy(&nat->family, data, sizeof(nat->family)); + memcpy(&nat->family, data, data_len); break; case NFTNL_EXPR_NAT_REG_ADDR_MIN: - memcpy(&nat->sreg_addr_min, data, sizeof(nat->sreg_addr_min)); + memcpy(&nat->sreg_addr_min, data, data_len); break; case NFTNL_EXPR_NAT_REG_ADDR_MAX: - memcpy(&nat->sreg_addr_max, data, sizeof(nat->sreg_addr_max)); + memcpy(&nat->sreg_addr_max, data, data_len); break; case NFTNL_EXPR_NAT_REG_PROTO_MIN: - memcpy(&nat->sreg_proto_min, data, sizeof(nat->sreg_proto_min)); + memcpy(&nat->sreg_proto_min, data, data_len); break; case NFTNL_EXPR_NAT_REG_PROTO_MAX: - memcpy(&nat->sreg_proto_max, data, sizeof(nat->sreg_proto_max)); + memcpy(&nat->sreg_proto_max, data, data_len); break; case NFTNL_EXPR_NAT_FLAGS: - memcpy(&nat->flags, data, sizeof(nat->flags)); + memcpy(&nat->flags, data, data_len); break; } |