diff options
author | Phil Sutter <phil@nwl.cc> | 2024-03-07 13:56:14 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2024-04-11 01:27:07 +0200 |
commit | 5d94baba0f43426120ce025aacaa74406659ad7f (patch) | |
tree | 1988b7c3cfb9c0388ecce343e216f52714f65c0b /src/object.c | |
parent | f8348db87791bb8061b7f9ecf856e835ab74d006 (diff) |
obj: Enforce attr_policy compliance in nftnl_obj_set_data()
Every object type defines an attr_policy array, so deny setting
attributes for object types which don't have it present or if it
specifies a non-zero maxlen which is lower than the given data_len.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'src/object.c')
-rw-r--r-- | src/object.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/object.c b/src/object.c index bd4e51a..2ddaa29 100644 --- a/src/object.c +++ b/src/object.c @@ -151,7 +151,12 @@ int nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr, default: if (!obj->ops || attr < NFTNL_OBJ_BASE || - attr > obj->ops->nftnl_max_attr) + attr > obj->ops->nftnl_max_attr || + !obj->ops->attr_policy) + return -1; + + if (obj->ops->attr_policy[attr].maxlen && + obj->ops->attr_policy[attr].maxlen < data_len) return -1; if (obj->ops->set(obj, attr, data, data_len) < 0) |