]> git.ipfire.org Git - thirdparty/libnftnl.git/commitdiff
projects / thirdparty / libnftnl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 38e7033)
obj: ct_timeout: Check return code of mnl_attr_parse_nested()
authorPhil Sutter <phil@nwl.cc>
Fri, 4 Oct 2019 19:05:44 +0000 (21:05 +0200)
committerPhil Sutter <phil@nwl.cc>
Tue, 15 Oct 2019 16:27:43 +0000 (18:27 +0200)
Don't ignore nested attribute parsing errors, this may hide bugs in
users' code.

Fixes: 0adceeab1597a ("src: add ct timeout support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/obj/ct_timeout.c patch | blob | blame | history

diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c
index e2e99917de7aed8df2ad4cfe64be8f0a7b12f97e..a439432deee183df6c878d9663143aff3002d566 100644 (file)
--- a/src/obj/ct_timeout.c
+++ b/src/obj/ct_timeout.c
@@ -116,7 +116,7 @@ parse_timeout_attr_policy_cb(const struct nlattr *attr, void *data)
        return MNL_CB_OK;
 }
 
-static void
+static int
 timeout_parse_attr_data(struct nftnl_obj *e,
                        const struct nlattr *nest)
 {
@@ -131,7 +131,8 @@ timeout_parse_attr_data(struct nftnl_obj *e,
 
        memset(tb, 0, sizeof(struct nlattr *) * attr_max);
 
-       mnl_attr_parse_nested(nest, parse_timeout_attr_policy_cb, &cnt);
+       if (mnl_attr_parse_nested(nest, parse_timeout_attr_policy_cb, &cnt) < 0)
+               return -1;
 
        for (i = 1; i <= attr_max; i++) {
                if (tb[i]) {
@@ -139,6 +140,7 @@ timeout_parse_attr_data(struct nftnl_obj *e,
                                ntohl(mnl_attr_get_u32(tb[i])));
                }
        }
+       return 0;
 }
 
 static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type,
@@ -248,7 +250,8 @@ nftnl_obj_ct_timeout_parse(struct nftnl_obj *e, struct nlattr *attr)
                e->flags |= (1 << NFTNL_OBJ_CT_TIMEOUT_L4PROTO);
        }
        if (tb[NFTA_CT_TIMEOUT_DATA]) {
-               timeout_parse_attr_data(e, tb[NFTA_CT_TIMEOUT_DATA]);
+               if (timeout_parse_attr_data(e, tb[NFTA_CT_TIMEOUT_DATA]) < 0)
+                       return -1;
                e->flags |= (1 << NFTNL_OBJ_CT_TIMEOUT_ARRAY);
        }
        return 0;
Mirror of https://git.netfilter.org/libnftnl