authorPhil Sutter <phil@nwl.cc>2019-10-15 15:58:13 +0200
committerPhil Sutter <phil@nwl.cc>2019-10-15 17:16:20 +0200
commit0ef5429f87dee067c8a70ef9d5b477198c803fcc (patch)
tree01b1afd53f1da63ed7f1448cbd8b135cbfa2fb5d
parent023c2d3301a06e2782d39e11ecc3345863a276b1 (diff)
mnl: Don't use nftnl_set_set()
The function is unsafe to use as it effectively bypasses data length checks. Instead use nftnl_set_set_str() which at least asserts a const char pointer is passed. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/mnl.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/mnl.c b/src/mnl.c
index 14fa4a71..75ab07b0 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -945,7 +945,7 @@ mnl_nft_set_dump(struct netlink_ctx *ctx, int family, const char *table)
nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
NLM_F_DUMP, ctx->seqnum);
if (table != NULL)
- nftnl_set_set(s, NFTNL_SET_TABLE, table);
+ nftnl_set_set_str(s, NFTNL_SET_TABLE, table);
nftnl_set_nlmsg_build_payload(nlh, s);
nftnl_set_free(s);
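Review bot: The result of `nftnl_set_set_str()` on the added line is discarded, so a failed copy of the table name would go unnoticed and the payload would be built without NFTNL_SET_TABLE. As far as I recall, libnftnl declares this setter as returning `int` and it fails when it cannot duplicate the string; confirm against the libnftnl version the build targets. If so, the GETSET dump request would presumably go out unfiltered rather than scoped to the requested table. Consider `if (table != NULL && nftnl_set_set_str(s, NFTNL_SET_TABLE, table) < 0)` followed by whatever allocation-failure handling the rest of the function uses. The body of mnl_nft_set_dump starts and continues outside this hunk, so the existing error-handling convention is not visible here.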