obj: Call obj_ops::set with legal attributes only

author Phil Sutter <phil@nwl.cc>

Thu, 7 Mar 2024 12:25:31 +0000 (13:25 +0100)

committer Phil Sutter <phil@nwl.cc>

Wed, 10 Apr 2024 23:27:07 +0000 (01:27 +0200)
author Phil Sutter <phil@nwl.cc>
Thu, 7 Mar 2024 12:25:31 +0000 (13:25 +0100)
committer Phil Sutter <phil@nwl.cc>
Wed, 10 Apr 2024 23:27:07 +0000 (01:27 +0200)
diff --git a/src/obj/counter.c b/src/obj/counter.c

index 76a1b20f19c309e62bc6e356d04d98ed8339b4c8..982da2c6678e56cf02e7af084eb4642d8a42190f 100644 (file)
--- a/src/obj/counter.c
+++ b/src/obj/counter.c
@@ -34,8 +34,6 @@ nftnl_obj_counter_set(struct nftnl_obj *e, uint16_t type,
         case NFTNL_OBJ_CTR_PKTS:
                 memcpy(&ctr->pkts, data, sizeof(ctr->pkts));
                 break;
-       default:
-               return -1;
         }
         return 0;
  }
diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c

index 7e9c5e1b9e48c9e600c4c35e600ce813589b5857..60014dc9848b58276fc1b6211b45b50057cc0113 100644 (file)
--- a/src/obj/ct_expect.c
+++ b/src/obj/ct_expect.c
@@ -35,8 +35,6 @@ static int nftnl_obj_ct_expect_set(struct nftnl_obj *e, uint16_t type,
         case NFTNL_OBJ_CT_EXPECT_SIZE:
                 memcpy(&exp->size, data, sizeof(exp->size));
                 break;
-       default:
-               return -1;
         }
         return 0;
  }
diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c

index f8aa73408839c5a0896f5345af9e6f0c57330fe5..b8b05fd9eee8c073cc428150af90748473dda26f 100644 (file)
--- a/src/obj/ct_helper.c
+++ b/src/obj/ct_helper.c
@@ -37,8 +37,6 @@ static int nftnl_obj_ct_helper_set(struct nftnl_obj *e, uint16_t type,
         case NFTNL_OBJ_CT_HELPER_L4PROTO:
                 memcpy(&helper->l4proto, data, sizeof(helper->l4proto));
                 break;
-       default:
-               return -1;
         }
         return 0;
  }
diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c

index ee86231f42965adbf485b6e7ed78247bcced341b..011d92867a077bd28a35392326cc34e102e2e189 100644 (file)
--- a/src/obj/ct_timeout.c
+++ b/src/obj/ct_timeout.c
@@ -162,8 +162,6 @@ static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type,
                 memcpy(timeout->timeout, data,
                        sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX);
                 break;
-       default:
-               return -1;
         }
         return 0;
  }
diff --git a/src/obj/limit.c b/src/obj/limit.c

index 1c54bbca72fefe79878f8569ef6ab261c3563f11..83cb1935fc8e9064e648db24a4c484c62cfa7ac4 100644 (file)
--- a/src/obj/limit.c
+++ b/src/obj/limit.c
@@ -42,8 +42,6 @@ static int nftnl_obj_limit_set(struct nftnl_obj *e, uint16_t type,
         case NFTNL_OBJ_LIMIT_FLAGS:
                 memcpy(&limit->flags, data, sizeof(limit->flags));
                 break;
-       default:
-               return -1;
         }
         return 0;
  }
diff --git a/src/obj/quota.c b/src/obj/quota.c

index a39d552d923f27abd9b7b29d25b7beed1b6cc751..665d7caf4a5d55679311101f3cb3762106d7f6d4 100644 (file)
--- a/src/obj/quota.c
+++ b/src/obj/quota.c
@@ -36,8 +36,6 @@ static int nftnl_obj_quota_set(struct nftnl_obj *e, uint16_t type,
         case NFTNL_OBJ_QUOTA_FLAGS:
                 memcpy(&quota->flags, data, sizeof(quota->flags));
                 break;
-       default:
-               return -1;
         }
         return 0;
  }
diff --git a/src/obj/secmark.c b/src/obj/secmark.c

index c78e35f2c284f769fe661279f1991375b5bc222c..83cd1dc2264ede751a49e6a50ec4fc20ef8991f6 100644 (file)
--- a/src/obj/secmark.c
+++ b/src/obj/secmark.c
@@ -30,8 +30,6 @@ static int nftnl_obj_secmark_set(struct nftnl_obj *e, uint16_t type,
         case NFTNL_OBJ_SECMARK_CTX:
                 snprintf(secmark->ctx, sizeof(secmark->ctx), "%s", (const char *)data);
                 break;
-       default:
-               return -1;
         }
         return 0;
  }
diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c

index d259a517bebbfc770a7ba7a22d668b999802a304..f7c77627b56e9585d1ca832e6457834fdf813f1b 100644 (file)
--- a/src/obj/synproxy.c
+++ b/src/obj/synproxy.c
@@ -27,8 +27,6 @@ static int nftnl_obj_synproxy_set(struct nftnl_obj *e, uint16_t type,
         case NFTNL_OBJ_SYNPROXY_FLAGS:
                 memcpy(&synproxy->flags, data, data_len);
                 break;
-       default:
-               return -1;
         }
         return 0;
  }
diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c

index 19a3639eafc01a2dd1b0598c313662bc902ec97f..72985eeb761cd6b9967f2632a79629f5fc675703 100644 (file)
--- a/src/obj/tunnel.c
+++ b/src/obj/tunnel.c
@@ -76,8 +76,6 @@ nftnl_obj_tunnel_set(struct nftnl_obj *e, uint16_t type,
         case NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR:
                 memcpy(&tun->u.tun_erspan.u.v2.dir, data, sizeof(tun->u.tun_erspan.u.v2.dir));
                 break;
-       default:
-               return -1;
         }
         return 0;
  }
diff --git a/src/object.c b/src/object.c

index d363725e10fb8e92a2e454559e26a0929cf7b4bb..bd4e51a21aea9ae456ad4c01a822a6f276353b59 100644 (file)
--- a/src/object.c
+++ b/src/object.c
@@ -149,7 +149,9 @@ int nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
                 obj->user.len = data_len;
                 break;
         default:
-               if (!obj->ops)
+               if (!obj->ops ||
+                   attr < NFTNL_OBJ_BASE ||
+                   attr > obj->ops->nftnl_max_attr)
                         return -1;
  
                 if (obj->ops->set(obj, attr, data, data_len) < 0)
author	Phil Sutter <phil@nwl.cc>
	Thu, 7 Mar 2024 12:25:31 +0000 (13:25 +0100)
committer	Phil Sutter <phil@nwl.cc>
	Wed, 10 Apr 2024 23:27:07 +0000 (01:27 +0200)
src/obj/counter.c		patch \| blob \| blame \| history
src/obj/ct_expect.c		patch \| blob \| blame \| history
src/obj/ct_helper.c		patch \| blob \| blame \| history
src/obj/ct_timeout.c		patch \| blob \| blame \| history
src/obj/limit.c		patch \| blob \| blame \| history
src/obj/quota.c		patch \| blob \| blame \| history
src/obj/secmark.c		patch \| blob \| blame \| history
src/obj/synproxy.c		patch \| blob \| blame \| history
src/obj/tunnel.c		patch \| blob \| blame \| history
src/object.c		patch \| blob \| blame \| history