From d05e9515b84074b0a0a49a2b49da31bd057bad7b Mon Sep 17 00:00:00 2001
From: Eyal Birger <eyal.birger@gmail.com>
Date: Fri, 1 Jan 2021 11:02:26 +0200
Subject: examples: check return value of nfct_nlmsg_build()

nfct_nlmsg_build() may fail for different reasons, for example if
insufficient parameters exist in the ct object. The resulting nlh would
not contain any of the ct attributes.

Some conntrack operations would still operate in such case, for example
an IPCTNL_MSG_CT_DELETE message would just delete all existing conntrack
entries.

While the example as it is does supply correct parameters, it's safer
as reference to validate the return value.

Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 examples/nfct-mnl-get.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'examples/nfct-mnl-get.c')

diff --git a/examples/nfct-mnl-get.c b/examples/nfct-mnl-get.c
index 4858acf..5be3331 100644
--- a/examples/nfct-mnl-get.c
+++ b/examples/nfct-mnl-get.c
@@ -74,7 +74,11 @@ int main(void)
 	nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
 	nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
 
-	nfct_nlmsg_build(nlh, ct);
+	ret = nfct_nlmsg_build(nlh, ct);
+	if (ret == -1) {
+		perror("nfct_nlmsg_build");
+		exit(EXIT_FAILURE);
+	}
 
 	ret = mnl_socket_sendto(nl, nlh, nlh->nlmsg_len);
 	if (ret == -1) {
-- 
cgit v1.2.3