diff options
author | Phil Sutter <phil@nwl.cc> | 2023-12-15 16:32:30 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2024-03-06 15:40:37 +0100 |
commit | 62db596bf1f3dabffac3e0b9b0c3db487bfff828 (patch) | |
tree | 073e225781f4b6f25dcff47d698c192a96e5e8ea | |
parent | cdde5a8c5a8734f2d540a0ab52c32d41d4d18127 (diff) |
Every expression type defines an attr_policy array, so deny setting
attributes if not present. Also deny if maxlen field is non-zero and
lower than the given data_len.
Some attributes' max length is not fixed (e.g. NFTNL_EXPR_{TG,MT}_INFO )
or is not sensible to check (e.g. NFTNL_EXPR_DYNSET_EXPR). The zero
maxlen "nop" is also used for deprecated attributes, just to not
silently ignore them.
Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r-- | src/expr.c | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -74,6 +74,13 @@ int nftnl_expr_set(struct nftnl_expr *expr, uint16_t type, if (type < NFTNL_EXPR_BASE || type > expr->ops->nftnl_max_attr) return -1; + if (!expr->ops->attr_policy) + return -1; + + if (expr->ops->attr_policy[type].maxlen && + expr->ops->attr_policy[type].maxlen < data_len) + return -1; + if (expr->ops->set(expr, type, data, data_len) < 0) return -1; } |