diff options
author | Ken-ichirou MATSUZAWA <chamaken@gmail.com> | 2015-09-11 10:54:53 +0900 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-10-05 17:35:12 +0200 |
commit | b5db77dc91454d1a1722672e13e87bf41d5ed427 (patch) | |
tree | a9c77649dca47ad2be8ba98e0f89409447e31f30 /src | |
parent | 46912f1c18e01b63660a56ea7d9c572741e06117 (diff) |
nlmsg: add lacking attributes validation
This patch adds four (actually two) attributes validation with
comparing to current kernel header.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/nlmsg.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/nlmsg.c b/src/nlmsg.c index cabd8be..ba28c77 100644 --- a/src/nlmsg.c +++ b/src/nlmsg.c @@ -140,6 +140,7 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) case NFQA_SECCTX: case NFQA_UID: case NFQA_GID: + case NFQA_CT_INFO: if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) return MNL_CB_ERROR; break; @@ -155,7 +156,15 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) return MNL_CB_ERROR; } break; + case NFQA_PACKET_HDR: + if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC, + sizeof(struct nfqnl_msg_packet_hdr)) < 0) { + return MNL_CB_ERROR; + } + break; case NFQA_PAYLOAD: + case NFQA_CT: + case NFQA_EXP: break; } tb[type] = attr; |