author | Carlos Falgueras García <carlosfg@riseup.net> | 2016-06-20 12:29:19 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-06-22 19:25:14 +0200 |
commit | 59cb13bb62b36efa25b29fe280ada7b1f0984325 (patch) | |
tree | 39c6b27df766b774e651a8973868d57d51f9e2d0 /src/rule.c | |
parent | 2fee091b0dd1741a8a87cafceaa0091adadd2b46 (diff) |
src: fix missing error checking in parser functions
Bail out on errors in several nftnl_*_nlmsg_parse() functions. Without these
checks, a later call can overwrite the previous error value, and code that
should not run after a failure may be executed.
Bad way:
int f() {
int ret;
ret = g();
ret = h();
return ret;
}
Good way:
int f() {
int ret;
ret = g();
if (ret < 0)
return ret;
ret = h();
if (ret < 0)
return ret;
return 0;
}
Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 14 |
1 files changed, 10 insertions, 4 deletions
@@ -427,7 +427,7 @@ int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r)
 {
 struct nlattr *tb[NFTA_RULE_MAX+1] = {};
 struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
- int ret = 0;
+ int ret;
 if (mnl_attr_parse(nlh, sizeof(*nfg), nftnl_rule_parse_attr_cb, tb) < 0)
 return -1;
@@ -452,10 +452,16 @@ int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r)
 r->handle = be64toh(mnl_attr_get_u64(tb[NFTA_RULE_HANDLE]));
 r->flags |= (1 << NFTNL_RULE_HANDLE);
 }
- if (tb[NFTA_RULE_EXPRESSIONS])
+ if (tb[NFTA_RULE_EXPRESSIONS]) {
 ret = nftnl_rule_parse_expr(tb[NFTA_RULE_EXPRESSIONS], r);
- if (tb[NFTA_RULE_COMPAT])
+ if (ret < 0)
+ return ret;
+ }
+ if (tb[NFTA_RULE_COMPAT]) {
 ret = nftnl_rule_parse_compat(tb[NFTA_RULE_COMPAT], r);
+ if (ret < 0)
+ return ret;
+ }
 if (tb[NFTA_RULE_POSITION]) {
 r->position = be64toh(mnl_attr_get_u64(tb[NFTA_RULE_POSITION]));
 r->flags |= (1 << NFTNL_RULE_POSITION);
@@ -480,7 +486,7 @@ int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r)
 r->family = nfg->nfgen_family;
 r->flags |= (1 << NFTNL_RULE_FAMILY);
- return ret;
+ return 0;
 }
 EXPORT_SYMBOL_ALIAS(nftnl_rule_nlmsg_parse, nft_rule_nlmsg_parse); |
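Review bot: The two early returns added in the `NFTA_RULE_EXPRESSIONS` and `NFTA_RULE_COMPAT` branches (second hunk) hand back an `r` that is only partly filled in: the handle and its flag bit set just above are kept, and whatever `nftnl_rule_parse_expr()` stored before it failed presumably stays attached as well, although that helper is not visible here. Because this function parses netlink messages, a caller that ignores the return value would go on to use a rule whose expressions or compat data are incomplete. I would state the contract in a comment above the function, e.g. `/* Returns 0 on success, <0 on error; on error r may be partially filled and must not be used, only freed. */`. The function body starts before the first hunk and continues between the hunks, so whether any cleanup already happens there could not be checked.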