From aef75641d196ddc199df35092823f178b998a6a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Falgueras=20Garc=C3=ADa?= Date: Mon, 30 May 2016 18:35:40 +0200 Subject: parser: cap comment length to 128 bytes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pablo rewrites this description to: "The user data area available is 256 bytes (NFT_USERDATA_MAXLEN). We plan to allow storing other useful information such as datatypes in set elements, so make sure there is room for this." Example: > nft add table t > nft add chain t c > nft add rule t c ip saddr 1.1.1.1 counter comment "abc...xyz" # len > 128 :1:47-N: Error: Comment too long. 128 characters maximum allowed add rule t c ip saddr 1.1.1.1 counter comment abc...xyz ^^^^^^^^^ Signed-off-by: Carlos Falgueras GarcĂ­a Signed-off-by: Pablo Neira Ayuso --- src/parser_bison.y | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src') diff --git a/src/parser_bison.y b/src/parser_bison.y index 6f51a49d..dfdf2377 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1275,6 +1275,11 @@ ruleid_spec : chain_spec handle_spec position_spec comment_spec : COMMENT string { + if (strlen($2) > UDATA_COMMENT_MAXLEN) { + erec_queue(error(&@2, "comment too long, %d characters maximum allowed", UDATA_COMMENT_MAXLEN), + state->msgs); + YYERROR; + } $$ = $2; } ; -- cgit v1.2.3