From be0bae0ad31b0adb506f96de083f52a2bd0d4fbf Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 7 Mar 2024 14:49:08 +0100 Subject: expr: Respect data_len when setting attributes With attr_policy in place, data_len has an upper boundary but it may be lower than the attribute's storage area in which case memcpy() would read garbage. Signed-off-by: Phil Sutter --- src/expr/range.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/expr/range.c') diff --git a/src/expr/range.c b/src/expr/range.c index 6310b79..96bb140 100644 --- a/src/expr/range.c +++ b/src/expr/range.c @@ -34,10 +34,10 @@ static int nftnl_expr_range_set(struct nftnl_expr *e, uint16_t type, switch(type) { case NFTNL_EXPR_RANGE_SREG: - memcpy(&range->sreg, data, sizeof(range->sreg)); + memcpy(&range->sreg, data, data_len); break; case NFTNL_EXPR_RANGE_OP: - memcpy(&range->op, data, sizeof(range->op)); + memcpy(&range->op, data, data_len); break; case NFTNL_EXPR_RANGE_FROM_DATA: return nftnl_data_cpy(&range->data_from, data, data_len); -- cgit v1.2.3