set: Don't bypass checks in nftnl_set_set_u{32,64}()
authorPhil Sutter <phil@nwl.cc>
Fri, 4 Oct 2019 19:33:48 +0000 (21:33 +0200)
committerPhil Sutter <phil@nwl.cc>
Tue, 15 Oct 2019 17:19:39 +0000 (19:19 +0200)
By calling nftnl_set_set(), any data size checks are effectively
bypassed. Better call nftnl_set_set_data() directly, passing the real
size for validation.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/set.c

index e6db7258cc22488b57ff29e5c01734f7a76a8187..5e49a6d04f2dc9faa3f89e999d1ff9f5be59e03b 100644 (file)
--- a/src/set.c
+++ b/src/set.c
@@ -204,13 +204,13 @@ int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data)
 EXPORT_SYMBOL(nftnl_set_set_u32);
 void nftnl_set_set_u32(struct nftnl_set *s, uint16_t attr, uint32_t val)
 {
-       nftnl_set_set(s, attr, &val);
+       nftnl_set_set_data(s, attr, &val, sizeof(uint32_t));
 }
 
 EXPORT_SYMBOL(nftnl_set_set_u64);
 void nftnl_set_set_u64(struct nftnl_set *s, uint16_t attr, uint64_t val)
 {
-       nftnl_set_set(s, attr, &val);
+       nftnl_set_set_data(s, attr, &val, sizeof(uint64_t));
 }
 
 EXPORT_SYMBOL(nftnl_set_set_str);
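Review bot: The result of `nftnl_set_set_data()` is dropped in both `nftnl_set_set_u32()` and `nftnl_set_set_u64()`, so a value rejected by the size check the commit now enforces leaves the attribute unset while the void wrapper returns normally. This assumes `nftnl_set_set_data()` reports failure through an int return, as `nftnl_set_set()` in the hunk header does; its definition is outside the hunk. Since the exported signatures cannot change, document the behaviour above each wrapper, e.g. `/* A size mismatch for attr is rejected without notice; verify with nftnl_set_is_set() when it matters. */`, so callers building rulesets do not assume the attribute was applied. As a smaller style point, `sizeof(val)` instead of `sizeof(uint32_t)` / `sizeof(uint64_t)` would keep the passed length tied to the parameter's type.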