authorPablo Neira Ayuso <pablo@netfilter.org>2016-11-14 22:41:26 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2016-11-14 22:41:26 +0100
commit493cbf585d8f9a2a79a86e5bbca600ca1ea8ab60 (patch)
treee0c639822b6cee1d552a1c945da8c1b59fddd460 /src/mnl.c
parenta84921d7c0de950632ab4630dd4f7ad763e9e453 (diff)
mnl: use nftnl_set_elems_nlmsg_build_payload_iter() when deleting elements
Otherwise, nft crashes when deleting a very large number of elements:

  *** stack smashing detected ***: nft terminated
  Segmentation fault

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/mnl.c')
-rw-r--r--src/mnl.c25
1 files changed, 11 insertions, 14 deletions
diff --git a/src/mnl.c b/src/mnl.c
index 52875f4a..137ecf0d 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -867,8 +867,9 @@ static int set_elem_cb(const struct nlmsghdr *nlh, void *data)
return MNL_CB_OK;
}
-int mnl_nft_setelem_batch_add(struct nftnl_set *nls, unsigned int flags,
- uint32_t seqnum)
+static int mnl_nft_setelem_batch(struct nftnl_set *nls,
+ enum nf_tables_msg_types cmd,
+ unsigned int flags, uint32_t seqnum)
{
struct nlmsghdr *nlh;
struct nftnl_set_elems_iter *iter;
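Review bot: The new static helper `mnl_nft_setelem_batch()` has no comment recording why set element messages are built through the iterator, and that is the invariant this commit exists to establish. I would add above the signature `/* Build NEWSETELEM/DELSETELEM messages via the element iterator so that a large set is split over several batch messages rather than written into a single one. */`. Without it, a later caller could reintroduce the non-iterating `nftnl_set_elems_nlmsg_build_payload()` path that the commit message ties to the stack-smashing crash. The helper's body continues outside this hunk.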
@@ -880,8 +881,7 @@ int mnl_nft_setelem_batch_add(struct nftnl_set *nls, unsigned int flags,
do {
nlh = nftnl_set_elem_nlmsg_build_hdr(nftnl_batch_buffer(batch),
- NFT_MSG_NEWSETELEM,
- nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
+ cmd, nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
NLM_F_CREATE | flags, seqnum);
ret = nftnl_set_elems_nlmsg_build_payload_iter(nlh, iter);
mnl_nft_batch_continue();
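Review bot: The header is still built with `NLM_F_CREATE | flags` for every `cmd`, so NFT_MSG_DELSETELEM messages now carry NLM_F_CREATE plus the caller's flags, whereas the removed delete path in the last hunk passed `0`. The commit message does not mention this change, and whether the kernel ignores these flags on delete cannot be seen from here. If the old delete semantics are meant to stay, pass `flags, seqnum);` unchanged in the helper and move the OR into the add wrapper: `return mnl_nft_setelem_batch(nls, NFT_MSG_NEWSETELEM, NLM_F_CREATE | flags, seqnum);`. The delete wrapper would then pass `0` as before. The loop condition and the handling of `ret` are outside this hunk.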
@@ -892,19 +892,16 @@ int mnl_nft_setelem_batch_add(struct nftnl_set *nls, unsigned int flags,
return 0;
}
-int mnl_nft_setelem_batch_del(struct nftnl_set *nls, unsigned int flags,
+int mnl_nft_setelem_batch_add(struct nftnl_set *nls, unsigned int flags,
uint32_t seqnum)
{
- struct nlmsghdr *nlh;
-
- nlh = nftnl_set_elem_nlmsg_build_hdr(nftnl_batch_buffer(batch),
- NFT_MSG_DELSETELEM,
- nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
- 0, seqnum);
- nftnl_set_elems_nlmsg_build_payload(nlh, nls);
- mnl_nft_batch_continue();
+ return mnl_nft_setelem_batch(nls, NFT_MSG_NEWSETELEM, flags, seqnum);
+}
- return 0;
+int mnl_nft_setelem_batch_del(struct nftnl_set *nls, unsigned int flags,
+ uint32_t seqnum)
+{
+ return mnl_nft_setelem_batch(nls, NFT_MSG_DELSETELEM, flags, seqnum);
}
int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nftnl_set *nls)