author | Phil Sutter <phil@nwl.cc> | 2019-10-04 21:25:50 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-10-16 15:26:20 +0200 |
commit | ede1781101f669312ae513a83932f0c727738df9 (patch) | |
tree | 12bbca73eabd3ba0ed283505280a6b2f00a8d314 /include | |
parent | 00b144bc9d093dbdd1a3690dc8e8fb90b5447f2d (diff) |
set_elem: Validate nftnl_set_elem_set() parameters
Copying from nftnl_table_set_data(), validate input to
nftnl_set_elem_set() as well. Given that for some attributes the
function assumes passed data size, this seems necessary.
Since data size expected for NFTNL_SET_ELEM_VERDICT attribute is
sizeof(uint32_t), change type of 'verdict' field in union nftnl_data_reg
accordingly.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/data_reg.h | 2 | ||||
-rw-r--r-- | include/libnftnl/set.h | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/include/data_reg.h b/include/data_reg.h index f2675f2..10517ba 100644 --- a/include/data_reg.h +++ b/include/data_reg.h @@ -19,7 +19,7 @@ union nftnl_data_reg { uint32_t len; }; struct { - int verdict; + uint32_t verdict; const char *chain; }; }; diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h index 6640ad9..2ea2e9a 100644 --- a/include/libnftnl/set.h +++ b/include/libnftnl/set.h @@ -104,7 +104,9 @@ enum { NFTNL_SET_ELEM_USERDATA, NFTNL_SET_ELEM_EXPR, NFTNL_SET_ELEM_OBJREF, + __NFTNL_SET_ELEM_MAX }; +#define NFTNL_SET_ELEM_MAX (__NFTNL_SET_ELEM_MAX - 1) struct nftnl_set_elem; |
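Review bot: the signedness change on `verdict` in `union nftnl_data_reg` (include/data_reg.h) needs a check of every reader of the field, none of which are visible in this include-only diff. With `uint32_t verdict;` any comparison such as `verdict < 0` becomes always false, and any negative verdict code stored here will print as a large positive number under an unsigned format. Please confirm that the parse, build and snprintf paths still treat the value the same way, or cast explicitly where a signed interpretation is intended. A short comment on the field stating that it is exactly 32 bits wide because the setter validates against `sizeof(uint32_t)` would also keep the two in sync.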
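Review bot: `NFTNL_SET_ELEM_MAX` in include/libnftnl/set.h is an inclusive upper bound (`__NFTNL_SET_ELEM_MAX - 1`, that is, the value of `NFTNL_SET_ELEM_OBJREF`), so the range check in nftnl_set_elem_set() has to reject `attr > NFTNL_SET_ELEM_MAX`, not `>=`, and any validation array indexed by attribute needs `NFTNL_SET_ELEM_MAX + 1` entries. That code is outside this include-only view, so please double-check it against the macro. It would also help to add a comment above `__NFTNL_SET_ELEM_MAX` saying that new attributes must be inserted before it, since this is a public header and an attribute appended after the sentinel would silently fall outside the validated range.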