From ede1781101f669312ae513a83932f0c727738df9 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 4 Oct 2019 21:25:50 +0200
Subject: set_elem: Validate nftnl_set_elem_set() parameters

Copying from nftnl_table_set_data(), validate input to
nftnl_set_elem_set() as well. Given that for some attributes the
function assumes passed data size, this seems necessary.

Since data size expected for NFTNL_SET_ELEM_VERDICT attribute is
sizeof(uint32_t), change type of 'verdict' field in union nftnl_data_reg
accordingly.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/data_reg.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include/data_reg.h')

diff --git a/include/data_reg.h b/include/data_reg.h
index f2675f2..10517ba 100644
--- a/include/data_reg.h
+++ b/include/data_reg.h
@@ -19,7 +19,7 @@ union nftnl_data_reg {
 		uint32_t	len;
 	};
 	struct {
-		int		verdict;
+		uint32_t	verdict;
 		const char	*chain;
 	};
 };
-- 
cgit v1.2.3