From ede1781101f669312ae513a83932f0c727738df9 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 4 Oct 2019 21:25:50 +0200 Subject: set_elem: Validate nftnl_set_elem_set() parameters Copying from nftnl_table_set_data(), validate input to nftnl_set_elem_set() as well. Given that for some attributes the function assumes passed data size, this seems necessary. Since data size expected for NFTNL_SET_ELEM_VERDICT attribute is sizeof(uint32_t), change type of 'verdict' field in union nftnl_data_reg accordingly. Signed-off-by: Phil Sutter Acked-by: Pablo Neira Ayuso --- include/libnftnl/set.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/libnftnl/set.h') diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h index 6640ad9..2ea2e9a 100644 --- a/include/libnftnl/set.h +++ b/include/libnftnl/set.h @@ -104,7 +104,9 @@ enum { NFTNL_SET_ELEM_USERDATA, NFTNL_SET_ELEM_EXPR, NFTNL_SET_ELEM_OBJREF, + __NFTNL_SET_ELEM_MAX }; +#define NFTNL_SET_ELEM_MAX (__NFTNL_SET_ELEM_MAX - 1) struct nftnl_set_elem; -- cgit v1.2.3
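Review bot: the `__NFTNL_SET_ELEM_MAX` sentinel added after `NFTNL_SET_ELEM_OBJREF`, and the `NFTNL_SET_ELEM_MAX` define placed after the enum's closing brace, land in a public header with no comment, and the define is inclusive: it evaluates to `__NFTNL_SET_ELEM_MAX - 1`, the last valid attribute, which is easy to misuse in a bounds check. Suggest a one-line comment saying that new attributes must be added above the sentinel and that a range check against the define should reject `attr > NFTNL_SET_ELEM_MAX` rather than `>=`, since `>=` would refuse `NFTNL_SET_ELEM_OBJREF`. The commit message also describes input validation in nftnl_set_elem_set() and a type change for the 'verdict' field in union nftnl_data_reg; neither is visible here because this view is limited to include/libnftnl/set.h, so the check itself and its data size assumptions cannot be reviewed from these lines.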