From 5029136028bff1747860ed770994b8f494c042fc Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 13 Dec 2023 23:49:53 +0100
Subject: expr: Call expr_ops::set with legal types only

Having the new expr_ops::nftnl_max_attr field in place, the valid range
of attribute type values is known now. Reject illegal ones upfront.

Consequently drop the default case from callbacks' switches which handle
all supported attributes.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/expr.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/expr.c')

diff --git a/src/expr.c b/src/expr.c
index b4581f1..74d211b 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -71,6 +71,9 @@ int nftnl_expr_set(struct nftnl_expr *expr, uint16_t type,
 	case NFTNL_EXPR_NAME:	/* cannot be modified */
 		return 0;
 	default:
+		if (type < NFTNL_EXPR_BASE || type > expr->ops->nftnl_max_attr)
+			return -1;
+
 		if (expr->ops->set(expr, type, data, data_len) < 0)
 			return -1;
 	}
-- 
cgit v1.2.3