set_elem: Validate nftnl_set_elem_set() parameters

Copying from nftnl_table_set_data(), validate input to nftnl_set_elem_set() as well. Given that for some attributes the function assumes passed data size, this seems necessary. Since data size expected for NFTNL_SET_ELEM_VERDICT attribute is sizeof(uint32_t), change type of 'verdict' field in union nftnl_data_reg accordingly. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2019-10-04 21:25:50 +0200
committer: Phil Sutter <phil@nwl.cc> 2019-10-16 15:26:20 +0200
commit: ede1781101f669312ae513a83932f0c727738df9 (patch)
tree: 12bbca73eabd3ba0ed283505280a6b2f00a8d314 /src/set_elem.c
parent: 00b144bc9d093dbdd1a3690dc8e8fb90b5447f2d (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/set_elem.c b/src/set_elem.c
index 3794f12..d3ce807 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -96,10 +96,20 @@ void nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr)
 	s->flags &= ~(1 << attr);
 }
 
+static uint32_t nftnl_set_elem_validate[NFTNL_SET_ELEM_MAX + 1] = {
+	[NFTNL_SET_ELEM_FLAGS]		= sizeof(uint32_t),
+	[NFTNL_SET_ELEM_VERDICT]	= sizeof(uint32_t),
+	[NFTNL_SET_ELEM_TIMEOUT]	= sizeof(uint64_t),
+	[NFTNL_SET_ELEM_EXPIRATION]	= sizeof(uint64_t),
+};
+
 EXPORT_SYMBOL(nftnl_set_elem_set);
 int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr,
 		       const void *data, uint32_t data_len)
 {
+	nftnl_assert_attr_exists(attr, NFTNL_SET_ELEM_MAX);
+	nftnl_assert_validate(data, nftnl_set_elem_validate, attr, data_len);
+
 	switch(attr) {
 	case NFTNL_SET_ELEM_FLAGS:
 		memcpy(&s->set_elem_flags, data, sizeof(s->set_elem_flags));
author	Phil Sutter <phil@nwl.cc>	2019-10-04 21:25:50 +0200
committer	Phil Sutter <phil@nwl.cc>	2019-10-16 15:26:20 +0200
commit	ede1781101f669312ae513a83932f0c727738df9 (patch)
tree	12bbca73eabd3ba0ed283505280a6b2f00a8d314 /src/set_elem.c
parent	00b144bc9d093dbdd1a3690dc8e8fb90b5447f2d (diff)