author Carlos Falgueras García <carlosfg@riseup.net> 2016-05-30 18:35:40 +0200
committer Pablo Neira Ayuso <pablo@netfilter.org> 2016-05-30 19:37:50 +0200
commit aef75641d196ddc199df35092823f178b998a6a3
tree a956ac558c10a4a5335158de700ea22fc311a4f9 /src
parent ab88635f6f71fbacdbcba05e70058d31e70bcd66
parser: cap comment length to 128 bytes
Pablo rewrites this description to:

"The user data area available is 256 bytes (NFT_USERDATA_MAXLEN). We plan to allow storing other useful information such as datatypes in set elements, so make sure there is room for this."

Example:
  > nft add table t
  > nft add chain t c
  > nft add rule t c ip saddr 1.1.1.1 counter comment "abc...xyz" # len > 128
  <cmdline>:1:47-N: Error: Comment too long. 128 characters maximum allowed
  add rule t c ip saddr 1.1.1.1 counter comment abc...xyz
                                                ^^^^^^^^^

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- src/parser_bison.y 5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 6f51a49d..dfdf2377 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1275,6 +1275,11 @@ ruleid_spec : chain_spec handle_spec position_spec
comment_spec : COMMENT string
{
+ if (strlen($2) > UDATA_COMMENT_MAXLEN) {
+ erec_queue(error(&@2, "comment too long, %d characters maximum allowed", UDATA_COMMENT_MAXLEN),
+ state->msgs);
+ YYERROR;
+ }
$$ = $2;
}
;
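Review bot: In the new length check in comment_spec, the error path runs YYERROR without releasing $2. Bison does not run destructors for the right-hand-side symbols of a rule whose action calls YYERROR, so the over-long string is leaked each time the check fires; free $2 before YYERROR. Also, strlen($2) counts bytes while the message says "characters" and the subject line says "128 bytes"; wording the message in bytes would keep the limit unambiguous for multi-byte comments. The "%d" conversion assumes UDATA_COMMENT_MAXLEN expands to an int, which is not visible in this hunk and is worth confirming.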