From 844541f4c43c2469b9955b78480cbe36fde653d0 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 10 Jun 2016 14:13:00 +0200
Subject: src: assert when setting unknown attributes

If this attribute is not supported by the library, we should rise an
assertion so the client knows something is wrong, instead of silently
going through.

The only case I can think may hit this problem is version mismatch
between library and tools. This should not ever really happen, so better
bail out from the library itself in this case.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/utils.h | 9 +++++++++
 src/chain.c     | 4 +---
 src/gen.c       | 4 +---
 src/rule.c      | 4 +---
 src/set.c       | 4 +---
 src/table.c     | 4 +---
 src/utils.c     | 8 ++++++++
 7 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/include/utils.h b/include/utils.h
index 46ff18a..21694b6 100644
--- a/include/utils.h
+++ b/include/utils.h
@@ -43,6 +43,15 @@ void __nftnl_assert_fail(uint16_t attr, const char *filename, int line);
 		nftnl_assert(data, attr, _validate_array[_attr] == _data_len);	\
 })
 
+void __nftnl_assert_attr_exists(uint16_t attr, uint16_t attr_max,
+				const char *filename, int line);
+
+#define nftnl_assert_attr_exists(_attr, _attr_max)					\
+({											\
+	if (_attr > _attr_max)								\
+		__nftnl_assert_attr_exists(_attr, _attr_max, __FILE__, __LINE__);	\
+})
+
 #define SNPRINTF_BUFFER_SIZE(ret, size, len, offset)	\
 	if (ret < 0)					\
 		return ret;				\
diff --git a/src/chain.c b/src/chain.c
index 990c576..c7a9597 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -168,9 +168,7 @@ static uint32_t nftnl_chain_validate[NFTNL_CHAIN_MAX + 1] = {
 void nftnl_chain_set_data(struct nftnl_chain *c, uint16_t attr,
 			     const void *data, uint32_t data_len)
 {
-	if (attr > NFTNL_CHAIN_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_CHAIN_MAX);
 	nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
 
 	switch(attr) {
diff --git a/src/gen.c b/src/gen.c
index 115a105..ea29e2a 100644
--- a/src/gen.c
+++ b/src/gen.c
@@ -67,9 +67,7 @@ static uint32_t nftnl_gen_validate[NFTNL_GEN_MAX + 1] = {
 void nftnl_gen_set_data(struct nftnl_gen *gen, uint16_t attr,
 			   const void *data, uint32_t data_len)
 {
-	if (attr > NFTNL_GEN_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_GEN_MAX);
 	nftnl_assert_validate(data, nftnl_gen_validate, attr, data_len);
 
 	switch (attr) {
diff --git a/src/rule.c b/src/rule.c
index 04cadae..e63c961 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -132,9 +132,7 @@ static uint32_t nftnl_rule_validate[NFTNL_RULE_MAX + 1] = {
 void nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr,
 			    const void *data, uint32_t data_len)
 {
-	if (attr > NFTNL_RULE_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_RULE_MAX);
 	nftnl_assert_validate(data, nftnl_rule_validate, attr, data_len);
 
 	switch(attr) {
diff --git a/src/set.c b/src/set.c
index dbea93b..d2467e4 100644
--- a/src/set.c
+++ b/src/set.c
@@ -116,9 +116,7 @@ static uint32_t nftnl_set_validate[NFTNL_SET_MAX + 1] = {
 void nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
 			   uint32_t data_len)
 {
-	if (attr > NFTNL_SET_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_SET_MAX);
 	nftnl_assert_validate(data, nftnl_set_validate, attr, data_len);
 
 	switch(attr) {
diff --git a/src/table.c b/src/table.c
index 42fe49f..7eefc70 100644
--- a/src/table.c
+++ b/src/table.c
@@ -87,9 +87,7 @@ static uint32_t nftnl_table_validate[NFTNL_TABLE_MAX + 1] = {
 void nftnl_table_set_data(struct nftnl_table *t, uint16_t attr,
 			     const void *data, uint32_t data_len)
 {
-	if (attr > NFTNL_TABLE_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_TABLE_MAX);
 	nftnl_assert_validate(data, nftnl_table_validate, attr, data_len);
 
 	switch (attr) {
diff --git a/src/utils.c b/src/utils.c
index 22710b9..e2715a2 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -269,6 +269,14 @@ out:
 	return ret;
 }
 
+void __nftnl_assert_attr_exists(uint16_t attr, uint16_t attr_max,
+				const char *filename, int line)
+{
+	fprintf(stderr, "libnftnl: attribute %d > %d (maximum) assertion failed in %s:%d\n",
+		attr, attr_max, filename, line);
+	exit(EXIT_FAILURE);
+}
+
 void __nftnl_assert_fail(uint16_t attr, const char *filename, int line)
 {
 	fprintf(stderr, "libnftnl: attribute %d assertion failed in %s:%d\n",
-- 
cgit v1.2.3