1 files changed, 16 insertions, 10 deletions

diff --git a/src/expr.c b/src/expr.c
index 8e0bce2..65180d6 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -1,11 +1,7 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 /*
  * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published
- * by the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
  * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
  */
 #include "internal.h"
@@ -71,6 +67,16 @@ int nftnl_expr_set(struct nftnl_expr *expr, uint16_t type,
 	case NFTNL_EXPR_NAME:	/* cannot be modified */
 		return 0;
 	default:
+		if (type < NFTNL_EXPR_BASE || type > expr->ops->nftnl_max_attr)
+			return -1;
+
+		if (!expr->ops->attr_policy)
+			return -1;
+
+		if (expr->ops->attr_policy[type].maxlen &&
+		    expr->ops->attr_policy[type].maxlen < data_len)
+			return -1;
+
 		if (expr->ops->set(expr, type, data, data_len) < 0)
 			return -1;
 	}
@@ -270,19 +276,19 @@ err1:
 }
 
 EXPORT_SYMBOL(nftnl_expr_snprintf);
-int nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_expr *expr,
+int nftnl_expr_snprintf(char *buf, size_t remain, const struct nftnl_expr *expr,
 			uint32_t type, uint32_t flags)
 {
 	int ret;
-	unsigned int offset = 0, remain = size;
+	unsigned int offset = 0;
 
-	if (size)
+	if (remain)
 		buf[0] = '\0';
 
-	if (!expr->ops->snprintf)
+	if (!expr->ops->output || type != NFTNL_OUTPUT_DEFAULT)
 		return 0;
 
-	ret = expr->ops->snprintf(buf + offset, remain, type, flags, expr);
+	ret = expr->ops->output(buf + offset, remain, flags, expr);
 	SNPRINTF_BUFFER_SIZE(ret, remain, offset);
 
 	return offset;