authorPhil Sutter <phil@nwl.cc>2024-03-07 13:56:14 +0100
committerPhil Sutter <phil@nwl.cc>2024-04-11 01:27:07 +0200
commit5d94baba0f43426120ce025aacaa74406659ad7f (patch)
tree1988b7c3cfb9c0388ecce343e216f52714f65c0b /src/object.c
parentf8348db87791bb8061b7f9ecf856e835ab74d006 (diff)
obj: Enforce attr_policy compliance in nftnl_obj_set_data()
Every object type defines an attr_policy array, so deny setting attributes for object types which don't have it present or if it specifies a non-zero maxlen which is lower than the given data_len. Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'src/object.c')
-rw-r--r--src/object.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/object.c b/src/object.c
index bd4e51a..2ddaa29 100644
--- a/src/object.c
+++ b/src/object.c
@@ -151,7 +151,12 @@ int nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
default:
if (!obj->ops ||
attr < NFTNL_OBJ_BASE ||
- attr > obj->ops->nftnl_max_attr)
+ attr > obj->ops->nftnl_max_attr ||
+ !obj->ops->attr_policy)
+ return -1;
+
+ if (obj->ops->attr_policy[attr].maxlen &&
+ obj->ops->attr_policy[attr].maxlen < data_len)
return -1;
if (obj->ops->set(obj, attr, data, data_len) < 0)