set: Don't bypass checks in nftnl_set_set_u{32,64}()

By calling nftnl_set_set(), any data size checks are effectively bypassed. Better call nftnl_set_set_data() directly, passing the real size for validation. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2019-10-04 21:33:48 +0200
committer: Phil Sutter <phil@nwl.cc> 2019-10-15 19:19:39 +0200
commit: 0d5bb960b2f953c71fff15f88c8f0c331a1fa965 (patch)
tree: cf26a6d93f4de9ae9b76693c5ba28ab5b515a621 /src
parent: 14156fa831e5652ec43552d0dd5c16a7de412261 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/set.c b/src/set.c
index e6db725..5e49a6d 100644
--- a/src/set.c
+++ b/src/set.c
@@ -204,13 +204,13 @@ int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data)
 EXPORT_SYMBOL(nftnl_set_set_u32);
 void nftnl_set_set_u32(struct nftnl_set *s, uint16_t attr, uint32_t val)
 {
-	nftnl_set_set(s, attr, &val);
+	nftnl_set_set_data(s, attr, &val, sizeof(uint32_t));
 }
 
 EXPORT_SYMBOL(nftnl_set_set_u64);
 void nftnl_set_set_u64(struct nftnl_set *s, uint16_t attr, uint64_t val)
 {
-	nftnl_set_set(s, attr, &val);
+	nftnl_set_set_data(s, attr, &val, sizeof(uint64_t));
 }
 
 EXPORT_SYMBOL(nftnl_set_set_str);
author	Phil Sutter <phil@nwl.cc>	2019-10-04 21:33:48 +0200
committer	Phil Sutter <phil@nwl.cc>	2019-10-15 19:19:39 +0200
commit	0d5bb960b2f953c71fff15f88c8f0c331a1fa965 (patch)
tree	cf26a6d93f4de9ae9b76693c5ba28ab5b515a621 /src
parent	14156fa831e5652ec43552d0dd5c16a7de412261 (diff)