obj: Enforce attr_policy compliance in nftnl_obj_set_data()
authorPhil Sutter <phil@nwl.cc>
Thu, 7 Mar 2024 12:56:14 +0000 (13:56 +0100)
committerPhil Sutter <phil@nwl.cc>
Wed, 10 Apr 2024 23:27:07 +0000 (01:27 +0200)
Every object type defines an attr_policy array, so deny setting
attributes for object types which don't have it present or if it
specifies a non-zero maxlen which is lower than the given data_len.

Signed-off-by: Phil Sutter <phil@nwl.cc>
src/object.c

index bd4e51a21aea9ae456ad4c01a822a6f276353b59..2ddaa29cda0bedbe10c612c00515ce6a24f348a2 100644 (file)
@@ -151,7 +151,12 @@ int nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
        default:
                if (!obj->ops ||
                    attr < NFTNL_OBJ_BASE ||
-                   attr > obj->ops->nftnl_max_attr)
+                   attr > obj->ops->nftnl_max_attr ||
+                   !obj->ops->attr_policy)
+                       return -1;
+
+               if (obj->ops->attr_policy[attr].maxlen &&
+                   obj->ops->attr_policy[attr].maxlen < data_len)
                        return -1;
 
                if (obj->ops->set(obj, attr, data, data_len) < 0)
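Review bot: The new length check in the `default:` branch fails open: an `attr_policy[attr].maxlen` of zero skips the comparison, so any attribute whose policy entry is left zero-initialised reaches `obj->ops->set()` with an unchecked `data_len`. If zero is meant as "no limit" rather than "entry missing", say so above the check, e.g. `/* maxlen == 0 means no upper bound; every fixed-size attribute must set it */`. The lookup also relies on each type's `attr_policy` array having at least `nftnl_max_attr + 1` entries, which this hunk does not show, so that is worth confirming per object type. nftnl_obj_set_data() starts before and continues past the hunk.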