author | Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> | 2013-06-26 13:37:09 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-06-27 19:36:51 +0200 |
commit | cf783fa92a83cdffd9e7cfb768d72a2f1b81a13b (patch) | |
tree | a367013b645ec2c8eaef30373172c7acf885ee45 /src/expr | |
parent | 977b7a1dbe1bdd949bb156ca85c7ce4f9f88ceb6 (diff) |
exthdr: xml: fix mandatory elements
According to net/netfilter/nft_exthdr.c: nft_exthdr_init(),
all of dreg, type, offset and len are mandatory:
if (tb[NFTA_EXTHDR_DREG] == NULL ||
tb[NFTA_EXTHDR_TYPE] == NULL ||
tb[NFTA_EXTHDR_OFFSET] == NULL ||
tb[NFTA_EXTHDR_LEN] == NULL)
return -EINVAL;
So the XML parser must make sure the equivalent nodes exist.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/expr')
-rw-r--r-- | src/expr/exthdr.c | 95 |
1 files changed, 55 insertions, 40 deletions
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 7e16878..762facd 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -195,64 +195,79 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
 return -1;
 }
- /* Get and set <dreg>. Not mandatory */
+ /* All nodes are mandatory */
+
+ /* Get and set <dreg> */
 node = mxmlFindElement(tree, tree, "dreg", NULL, NULL, MXML_DESCEND_FIRST);
- if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
- if (tmp > NFT_REG_MAX) {
- mxmlDelete(tree);
- return -1;
- }
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
- exthdr->dreg = tmp;
- e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
 }
- /* Get and set <type>. Not mandatory */
+ exthdr->dreg = tmp;
+ e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
+
+ /* Get and set <type> */
 node = mxmlFindElement(tree, tree, "type", NULL, NULL, MXML_DESCEND);
- if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
- exthdr->type = tmp;
- e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
 }
- /* Get and set <offset>. Not mandatory */
+ exthdr->type = tmp;
+ e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
+
+ /* Get and set <offset> */
 node = mxmlFindElement(tree, tree, "offset", NULL, NULL, MXML_DESCEND);
- if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
- exthdr->offset = tmp;
- e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET);
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
 }
- /* Get and set <len>. Not mandatory */
+ exthdr->offset = tmp;
+ e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET);
+
+ /* Get and set <len> */
 node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND);
- if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
- exthdr->len = tmp;
- e->flags |= (1 << NFT_EXPR_EXTHDR_LEN);
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
 }
+
+ exthdr->len = tmp;
+ e->flags |= (1 << NFT_EXPR_EXTHDR_LEN);
+
 mxmlDelete(tree);
 return 0;
 #else |
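Review bot: The new mandatory-node guards test only `node == NULL`, yet the next statement in each of the four sections (dreg, type, offset, len) dereferences `node->child` in `strtoull(node->child->value.opaque, &endptr, 10)`; for an element that is present but empty, `node->child` is presumably NULL, though how the tree is loaded is not visible in this hunk. Because the XML comes from the caller, widening each guard to `if (node == NULL || node->child == NULL) {` would route a malformed document to the existing `mxmlDelete(tree); return -1;` path instead of a NULL dereference. Separately, the `*endptr` test alone lets an empty text value parse as 0, so also rejecting `endptr == node->child->value.opaque` would close that gap. The `tmp < 0` comparison looks dead if `tmp` is unsigned, but its declaration lies outside the hunk, as do the start and end of the function body.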