diff options
author | Phil Sutter <phil@nwl.cc> | 2019-10-04 21:25:50 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-10-16 15:26:20 +0200 |
commit | ede1781101f669312ae513a83932f0c727738df9 (patch) | |
tree | 12bbca73eabd3ba0ed283505280a6b2f00a8d314 /src/set_elem.c | |
parent | 00b144bc9d093dbdd1a3690dc8e8fb90b5447f2d (diff) |
set_elem: Validate nftnl_set_elem_set() parameters
Copying from nftnl_table_set_data(), validate input to
nftnl_set_elem_set() as well. Given that for some attributes the
function assumes passed data size, this seems necessary.
Since data size expected for NFTNL_SET_ELEM_VERDICT attribute is
sizeof(uint32_t), change type of 'verdict' field in union nftnl_data_reg
accordingly.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/set_elem.c')
-rw-r--r-- | src/set_elem.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/set_elem.c b/src/set_elem.c index 3794f12..d3ce807 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -96,10 +96,20 @@ void nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr) s->flags &= ~(1 << attr); } +static uint32_t nftnl_set_elem_validate[NFTNL_SET_ELEM_MAX + 1] = { + [NFTNL_SET_ELEM_FLAGS] = sizeof(uint32_t), + [NFTNL_SET_ELEM_VERDICT] = sizeof(uint32_t), + [NFTNL_SET_ELEM_TIMEOUT] = sizeof(uint64_t), + [NFTNL_SET_ELEM_EXPIRATION] = sizeof(uint64_t), +}; + EXPORT_SYMBOL(nftnl_set_elem_set); int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr, const void *data, uint32_t data_len) { + nftnl_assert_attr_exists(attr, NFTNL_SET_ELEM_MAX); + nftnl_assert_validate(data, nftnl_set_elem_validate, attr, data_len); + switch(attr) { case NFTNL_SET_ELEM_FLAGS: memcpy(&s->set_elem_flags, data, sizeof(s->set_elem_flags)); |