diff options
| author | Phil Sutter <phil@nwl.cc> | 2019-10-04 21:05:44 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2019-10-15 18:27:43 +0200 |
| commit | 807ccaa5ffa4772f4d81fff6fb105ab6bbcb8b10 (patch) | |
| tree | 6dd11628424ecaff14283f4a7368c34b131163aa /src/obj | |
| parent | 38e70330ee6c6b8ddc805ed2a0eb45531166b658 (diff) | |
obj: ct_timeout: Check return code of mnl_attr_parse_nested()
Don't ignore nested attribute parsing errors, this may hide bugs in
users' code.
Fixes: 0adceeab1597a ("src: add ct timeout support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/obj')
| -rw-r--r-- | src/obj/ct_timeout.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c index e2e9991..a439432 100644 --- a/src/obj/ct_timeout.c +++ b/src/obj/ct_timeout.c @@ -116,7 +116,7 @@ parse_timeout_attr_policy_cb(const struct nlattr *attr, void *data) return MNL_CB_OK; } -static void +static int timeout_parse_attr_data(struct nftnl_obj *e, const struct nlattr *nest) { @@ -131,7 +131,8 @@ timeout_parse_attr_data(struct nftnl_obj *e, memset(tb, 0, sizeof(struct nlattr *) * attr_max); - mnl_attr_parse_nested(nest, parse_timeout_attr_policy_cb, &cnt); + if (mnl_attr_parse_nested(nest, parse_timeout_attr_policy_cb, &cnt) < 0) + return -1; for (i = 1; i <= attr_max; i++) { if (tb[i]) { @@ -139,6 +140,7 @@ timeout_parse_attr_data(struct nftnl_obj *e, ntohl(mnl_attr_get_u32(tb[i]))); } } + return 0; } static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type, @@ -248,7 +250,8 @@ nftnl_obj_ct_timeout_parse(struct nftnl_obj *e, struct nlattr *attr) e->flags |= (1 << NFTNL_OBJ_CT_TIMEOUT_L4PROTO); } if (tb[NFTA_CT_TIMEOUT_DATA]) { - timeout_parse_attr_data(e, tb[NFTA_CT_TIMEOUT_DATA]); + if (timeout_parse_attr_data(e, tb[NFTA_CT_TIMEOUT_DATA]) < 0) + return -1; e->flags |= (1 << NFTNL_OBJ_CT_TIMEOUT_ARRAY); } return 0; |