diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-04-05 20:31:37 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-04-07 10:48:55 +0200 |
commit | e7ff8bab1f72c5b45ead02a0e5302359616e5cdc (patch) | |
tree | ebf1c2ee0f3143539f142492c7d4e1c046970f2a | |
parent | a6d9aeb52e3c40bf064c49d869b71a27506c080a (diff) |
src: fix bogus assertion for unset attributes
If you try to obtain an unset attribute, you hit an assertion error
that should not happen. Fix this by checking if the attribute is
unset, otherwise skip the assertion checking.
Now that we have that nft_assert takes the data parameter, we can also
validate if someone is using the setter passing NULL, which is illegal.
So let's add an assertion for that as well.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/chain.c | 10 | ||||
-rw-r--r-- | src/internal.h | 14 | ||||
-rw-r--r-- | src/rule.c | 8 | ||||
-rw-r--r-- | src/set.c | 4 | ||||
-rw-r--r-- | src/table.c | 2 |
5 files changed, 20 insertions, 18 deletions
diff --git a/src/chain.c b/src/chain.c index ca71069..472203e 100644 --- a/src/chain.c +++ b/src/chain.c @@ -156,7 +156,7 @@ void nft_chain_attr_set_data(struct nft_chain *c, uint16_t attr, if (attr > NFT_CHAIN_ATTR_MAX) return; - nft_assert_validate(nft_chain_attr_validate, attr, data_len); + nft_assert_validate(data, nft_chain_attr_validate, attr, data_len); switch(attr) { case NFT_CHAIN_ATTR_NAME: @@ -300,7 +300,7 @@ uint32_t nft_chain_attr_get_u32(struct nft_chain *c, uint16_t attr) uint32_t data_len; const uint32_t *val = nft_chain_attr_get_data(c, attr, &data_len); - nft_assert(attr, data_len == sizeof(uint32_t)); + nft_assert(val, attr, data_len == sizeof(uint32_t)); return val ? *val : 0; } @@ -311,7 +311,7 @@ int32_t nft_chain_attr_get_s32(struct nft_chain *c, uint16_t attr) uint32_t data_len; const int32_t *val = nft_chain_attr_get_data(c, attr, &data_len); - nft_assert(attr, data_len == sizeof(int32_t)); + nft_assert(val, attr, data_len == sizeof(int32_t)); return val ? *val : 0; } @@ -322,7 +322,7 @@ uint64_t nft_chain_attr_get_u64(struct nft_chain *c, uint16_t attr) uint32_t data_len; const uint64_t *val = nft_chain_attr_get_data(c, attr, &data_len); - nft_assert(attr, data_len == sizeof(int64_t)); + nft_assert(val, attr, data_len == sizeof(int64_t)); return val ? *val : 0; } @@ -333,7 +333,7 @@ uint8_t nft_chain_attr_get_u8(struct nft_chain *c, uint16_t attr) uint32_t data_len; const uint8_t *val = nft_chain_attr_get_data(c, attr, &data_len); - nft_assert(attr, data_len == sizeof(int8_t)); + nft_assert(val, attr, data_len == sizeof(int8_t)); return val ? *val : 0; } diff --git a/src/internal.h b/src/internal.h index 3216bc6..ba994c8 100644 --- a/src/internal.h +++ b/src/internal.h @@ -189,15 +189,17 @@ struct nft_set_elem { void __nft_assert_fail(uint16_t attr, const char *filename, int line); -#define nft_assert(attr, expr) \ - ((expr) \ +#define nft_assert(val, attr, expr) \ + ((!val || expr) \ ? (void)0 \ : __nft_assert_fail(attr, __FILE__, __LINE__)) -#define nft_assert_validate(_validate_array, _attr, _data_len) \ -({ \ - if (_validate_array[_attr]) \ - nft_assert(attr, _validate_array[_attr] == _data_len); \ +#define nft_assert_validate(data, _validate_array, _attr, _data_len) \ +({ \ + if (!data) \ + __nft_assert_fail(attr, __FILE__, __LINE__); \ + if (_validate_array[_attr]) \ + nft_assert(data, attr, _validate_array[_attr] == _data_len); \ }) #endif @@ -133,7 +133,7 @@ void nft_rule_attr_set_data(struct nft_rule *r, uint16_t attr, if (attr > NFT_RULE_ATTR_MAX) return; - nft_assert_validate(nft_rule_attr_validate, attr, data_len); + nft_assert_validate(data, nft_rule_attr_validate, attr, data_len); switch(attr) { case NFT_RULE_ATTR_TABLE: @@ -248,7 +248,7 @@ uint32_t nft_rule_attr_get_u32(const struct nft_rule *r, uint16_t attr) uint32_t data_len; const uint32_t *val = nft_rule_attr_get_data(r, attr, &data_len); - nft_assert(attr, data_len == sizeof(uint32_t)); + nft_assert(val, attr, data_len == sizeof(uint32_t)); return val ? *val : 0; } @@ -259,7 +259,7 @@ uint64_t nft_rule_attr_get_u64(const struct nft_rule *r, uint16_t attr) uint32_t data_len; const uint64_t *val = nft_rule_attr_get_data(r, attr, &data_len); - nft_assert(attr, data_len == sizeof(uint64_t)); + nft_assert(val, attr, data_len == sizeof(uint64_t)); return val ? *val : 0; } @@ -270,7 +270,7 @@ uint8_t nft_rule_attr_get_u8(const struct nft_rule *r, uint16_t attr) uint32_t data_len; const uint8_t *val = nft_rule_attr_get_data(r, attr, &data_len); - nft_assert(attr, data_len == sizeof(uint8_t)); + nft_assert(val, attr, data_len == sizeof(uint8_t)); return val ? *val : 0; } @@ -111,7 +111,7 @@ void nft_set_attr_set_data(struct nft_set *s, uint16_t attr, const void *data, if (attr > NFT_SET_ATTR_MAX) return; - nft_assert_validate(nft_set_attr_validate, attr, data_len); + nft_assert_validate(data, nft_set_attr_validate, attr, data_len); switch(attr) { case NFT_SET_ATTR_TABLE: @@ -219,7 +219,7 @@ uint32_t nft_set_attr_get_u32(struct nft_set *s, uint16_t attr) uint32_t data_len; const uint32_t *val = nft_set_attr_get_data(s, attr, &data_len); - nft_assert(attr, data_len == sizeof(uint32_t)); + nft_assert(val, attr, data_len == sizeof(uint32_t)); return val ? *val : 0; } diff --git a/src/table.c b/src/table.c index 7a85b9e..44e9a7b 100644 --- a/src/table.c +++ b/src/table.c @@ -90,7 +90,7 @@ void nft_table_attr_set_data(struct nft_table *t, uint16_t attr, if (attr > NFT_TABLE_ATTR_MAX) return; - nft_assert_validate(nft_table_attr_validate, attr, data_len); + nft_assert_validate(data, nft_table_attr_validate, attr, data_len); switch (attr) { case NFT_TABLE_ATTR_NAME: |