]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 023c2d3)
mnl: Don't use nftnl_set_set()
authorPhil Sutter <phil@nwl.cc>
Tue, 15 Oct 2019 13:58:13 +0000 (15:58 +0200)
committerPhil Sutter <phil@nwl.cc>
Tue, 15 Oct 2019 15:16:20 +0000 (17:16 +0200)
The function is unsafe to use as it effectively bypasses data length
checks. Instead use nftnl_set_set_str() which at least asserts a const
char pointer is passed.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/mnl.c patch | blob | blame | history

diff --git a/src/mnl.c b/src/mnl.c
index 14fa4a7186fd3fb6e2be94471b8e7977a3f4826b..75ab07b045aa55febb6074fb461159191b05eadb 100644 (file)
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -945,7 +945,7 @@ mnl_nft_set_dump(struct netlink_ctx *ctx, int family, const char *table)
        nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
                                    NLM_F_DUMP, ctx->seqnum);
        if (table != NULL)
-               nftnl_set_set(s, NFTNL_SET_TABLE, table);
+               nftnl_set_set_str(s, NFTNL_SET_TABLE, table);
        nftnl_set_nlmsg_build_payload(nlh, s);
        nftnl_set_free(s);
 
Mirror of git://git.netfilter.org/nftables