From bda7102d60bfdab2aa3f36ebd09a119206f264d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Falgueras=20Garc=C3=ADa?= <carlosfg@riseup.net>
Date: Mon, 11 Jul 2016 18:07:40 +0200
Subject: src: Fix nftnl_*_get_data() to return the real attribute length
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

All getters must set the memory size of the attributes, ie. this
includes the nul-termination in strings.

For references to opaque objects hidden behind the curtain, report
a zero size.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/chain.c       | 3 +++
 src/expr.c        | 1 +
 src/expr/dynset.c | 3 +++
 src/expr/lookup.c | 3 +++
 src/gen.c         | 1 +
 src/rule.c        | 2 ++
 src/set.c         | 2 ++
 src/set_elem.c    | 6 ++++++
 src/table.c       | 1 +
 src/trace.c       | 6 +++---
 10 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/src/chain.c b/src/chain.c
index cab64b5..4c562fe 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -272,8 +272,10 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr,
 
 	switch(attr) {
 	case NFTNL_CHAIN_NAME:
+		*data_len = strlen(c->name) + 1;
 		return c->name;
 	case NFTNL_CHAIN_TABLE:
+		*data_len = strlen(c->table) + 1;
 		return c->table;
 	case NFTNL_CHAIN_HOOKNUM:
 		*data_len = sizeof(uint32_t);
@@ -303,6 +305,7 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr,
 		*data_len = sizeof(uint32_t);
 		return c->type;
 	case NFTNL_CHAIN_DEV:
+		*data_len = strlen(c->dev) + 1;
 		return c->dev;
 	}
 	return NULL;
diff --git a/src/expr.c b/src/expr.c
index f802725..e5c1dd3 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -119,6 +119,7 @@ const void *nftnl_expr_get(const struct nftnl_expr *expr,
 
 	switch(type) {
 	case NFTNL_EXPR_NAME:
+		*data_len = strlen(expr->ops->name) + 1;
 		ret = expr->ops->name;
 		break;
 	default:
diff --git a/src/expr/dynset.c b/src/expr/dynset.c
index 0404359..111bf8c 100644
--- a/src/expr/dynset.c
+++ b/src/expr/dynset.c
@@ -88,10 +88,13 @@ nftnl_expr_dynset_get(const struct nftnl_expr *e, uint16_t type,
 		*data_len = sizeof(dynset->timeout);
 		return &dynset->timeout;
 	case NFTNL_EXPR_DYNSET_SET_NAME:
+		*data_len = strlen(dynset->set_name) + 1;
 		return dynset->set_name;
 	case NFTNL_EXPR_DYNSET_SET_ID:
+		*data_len = sizeof(dynset->set_id);
 		return &dynset->set_id;
 	case NFTNL_EXPR_DYNSET_EXPR:
+		*data_len = 0;
 		return dynset->expr;
 	}
 	return NULL;
diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index 7f68f74..16cfce2 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -73,10 +73,13 @@ nftnl_expr_lookup_get(const struct nftnl_expr *e, uint16_t type,
 		*data_len = sizeof(lookup->dreg);
 		return &lookup->dreg;
 	case NFTNL_EXPR_LOOKUP_SET:
+		*data_len = strlen(lookup->set_name) + 1;
 		return lookup->set_name;
 	case NFTNL_EXPR_LOOKUP_SET_ID:
+		*data_len = sizeof(lookup->set_id);
 		return &lookup->set_id;
 	case NFTNL_EXPR_LOOKUP_FLAGS:
+		*data_len = sizeof(lookup->flags);
 		return &lookup->flags;
 	}
 	return NULL;
diff --git a/src/gen.c b/src/gen.c
index 37a9049..c69d2f8 100644
--- a/src/gen.c
+++ b/src/gen.c
@@ -100,6 +100,7 @@ const void *nftnl_gen_get_data(const struct nftnl_gen *gen, uint16_t attr,
 
 	switch(attr) {
 	case NFTNL_GEN_ID:
+		*data_len = sizeof(gen->id);
 		return &gen->id;
 	}
 	return NULL;
diff --git a/src/rule.c b/src/rule.c
index 2b23c8e..a0edca7 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -213,8 +213,10 @@ const void *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr,
 		*data_len = sizeof(uint32_t);
 		return &r->family;
 	case NFTNL_RULE_TABLE:
+		*data_len = strlen(r->table) + 1;
 		return r->table;
 	case NFTNL_RULE_CHAIN:
+		*data_len = strlen(r->chain) + 1;
 		return r->chain;
 	case NFTNL_RULE_HANDLE:
 		*data_len = sizeof(uint64_t);
diff --git a/src/set.c b/src/set.c
index e48ff78..8a592db 100644
--- a/src/set.c
+++ b/src/set.c
@@ -215,8 +215,10 @@ const void *nftnl_set_get_data(const struct nftnl_set *s, uint16_t attr,
 
 	switch(attr) {
 	case NFTNL_SET_TABLE:
+		*data_len = strlen(s->table) + 1;
 		return s->table;
 	case NFTNL_SET_NAME:
+		*data_len = strlen(s->name) + 1;
 		return s->name;
 	case NFTNL_SET_FLAGS:
 		*data_len = sizeof(uint32_t);
diff --git a/src/set_elem.c b/src/set_elem.c
index 40b5bfe..4e89210 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -160,25 +160,31 @@ const void *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t
 
 	switch(attr) {
 	case NFTNL_SET_ELEM_FLAGS:
+		*data_len = sizeof(s->set_elem_flags);
 		return &s->set_elem_flags;
 	case NFTNL_SET_ELEM_KEY:	/* NFTA_SET_ELEM_KEY */
 		*data_len = s->key.len;
 		return &s->key.val;
 	case NFTNL_SET_ELEM_VERDICT:	/* NFTA_SET_ELEM_DATA */
+		*data_len = sizeof(s->data.verdict);
 		return &s->data.verdict;
 	case NFTNL_SET_ELEM_CHAIN:	/* NFTA_SET_ELEM_DATA */
+		*data_len = strlen(s->data.chain) + 1;
 		return s->data.chain;
 	case NFTNL_SET_ELEM_DATA:	/* NFTA_SET_ELEM_DATA */
 		*data_len = s->data.len;
 		return &s->data.val;
 	case NFTNL_SET_ELEM_TIMEOUT:	/* NFTA_SET_ELEM_TIMEOUT */
+		*data_len = sizeof(s->timeout);
 		return &s->timeout;
 	case NFTNL_SET_ELEM_EXPIRATION:	/* NFTA_SET_ELEM_EXPIRATION */
+		*data_len = sizeof(s->expiration);
 		return &s->expiration;
 	case NFTNL_SET_ELEM_USERDATA:
 		*data_len = s->user.len;
 		return s->user.data;
 	case NFTNL_SET_ELEM_EXPR:
+		*data_len = 0;
 		return s->expr;
 	}
 	return NULL;
diff --git a/src/table.c b/src/table.c
index 966b923..3d4d7b9 100644
--- a/src/table.c
+++ b/src/table.c
@@ -143,6 +143,7 @@ const void *nftnl_table_get_data(const struct nftnl_table *t, uint16_t attr,
 
 	switch(attr) {
 	case NFTNL_TABLE_NAME:
+		*data_len = strlen(t->name) + 1;
 		return t->name;
 	case NFTNL_TABLE_FLAGS:
 		*data_len = sizeof(uint32_t);
diff --git a/src/trace.c b/src/trace.c
index d8f561d..1a50390 100644
--- a/src/trace.c
+++ b/src/trace.c
@@ -165,13 +165,13 @@ const void *nftnl_trace_get_data(const struct nftnl_trace *trace,
 		*data_len = sizeof(uint32_t);
 		return &trace->type;
 	case NFTNL_TRACE_CHAIN:
-		*data_len = strlen(trace->chain);
+		*data_len = strlen(trace->chain) + 1;
 		return trace->chain;
 	case NFTNL_TRACE_TABLE:
-		*data_len = strlen(trace->table);
+		*data_len = strlen(trace->table) + 1;
 		return trace->table;
 	case NFTNL_TRACE_JUMP_TARGET:
-		*data_len = strlen(trace->jump_target);
+		*data_len = strlen(trace->jump_target) + 1;
 		return trace->jump_target;
 	case NFTNL_TRACE_TRANSPORT_HEADER:
 		*data_len = trace->th.len;
-- 
cgit v1.2.3