src: assert when setting unknown attributes

author Pablo Neira Ayuso <pablo@netfilter.org>

Fri, 10 Jun 2016 12:13:00 +0000 (14:13 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Wed, 15 Jun 2016 10:12:38 +0000 (12:12 +0200)
author Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 10 Jun 2016 12:13:00 +0000 (14:13 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 15 Jun 2016 10:12:38 +0000 (12:12 +0200)
diff --git a/include/utils.h b/include/utils.h

index 46ff18a1fa769bdf3db685cf5c2553f3026d3b42..21694b6ab19126be369b3e599fff8194dcb1d13b 100644 (file)
--- a/include/utils.h
+++ b/include/utils.h
@@ -43,6 +43,15 @@ void __nftnl_assert_fail(uint16_t attr, const char *filename, int line);
                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
  })
  
+void __nftnl_assert_attr_exists(uint16_t attr, uint16_t attr_max,
+                               const char *filename, int line);
+
+#define nftnl_assert_attr_exists(_attr, _attr_max)                                     \
+({                                                                                     \
+       if (_attr > _attr_max)                                                          \
+               __nftnl_assert_attr_exists(_attr, _attr_max, __FILE__, __LINE__);       \
+})
+
  #define SNPRINTF_BUFFER_SIZE(ret, size, len, offset)   \
         if (ret < 0)                                    \
                 return ret;                             \
diff --git a/src/chain.c b/src/chain.c

index 990c576613a6649ed42f8a8ae437f27446fbe28b..c7a9597eef995a17f7e8bf8a08523d431330830a 100644 (file)
--- a/src/chain.c
+++ b/src/chain.c
@@ -168,9 +168,7 @@ static uint32_t nftnl_chain_validate[NFTNL_CHAIN_MAX + 1] = {
  void nftnl_chain_set_data(struct nftnl_chain *c, uint16_t attr,
                              const void *data, uint32_t data_len)
  {
-       if (attr > NFTNL_CHAIN_MAX)
-               return;
-
+       nftnl_assert_attr_exists(attr, NFTNL_CHAIN_MAX);
         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
  
         switch(attr) {
diff --git a/src/gen.c b/src/gen.c

index 115a1058ba61e320e4d3a42d9d9e6b9bc4e1c5f8..ea29e2a290f4a069cea6150f6441250f556c89dc 100644 (file)
--- a/src/gen.c
+++ b/src/gen.c
@@ -67,9 +67,7 @@ static uint32_t nftnl_gen_validate[NFTNL_GEN_MAX + 1] = {
  void nftnl_gen_set_data(struct nftnl_gen *gen, uint16_t attr,
                            const void *data, uint32_t data_len)
  {
-       if (attr > NFTNL_GEN_MAX)
-               return;
-
+       nftnl_assert_attr_exists(attr, NFTNL_GEN_MAX);
         nftnl_assert_validate(data, nftnl_gen_validate, attr, data_len);
  
         switch (attr) {
diff --git a/src/rule.c b/src/rule.c

index 04cadaee39199fc143c48f2ff456657841fa0184..e63c9614b7c2ebcdaf021c5c0e606fed1b092ec9 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -132,9 +132,7 @@ static uint32_t nftnl_rule_validate[NFTNL_RULE_MAX + 1] = {
  void nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr,
                             const void *data, uint32_t data_len)
  {
-       if (attr > NFTNL_RULE_MAX)
-               return;
-
+       nftnl_assert_attr_exists(attr, NFTNL_RULE_MAX);
         nftnl_assert_validate(data, nftnl_rule_validate, attr, data_len);
  
         switch(attr) {
diff --git a/src/set.c b/src/set.c

index dbea93b5162bd75667e7cbdc066beef471899f9f..d2467e4c6583be261687e27b84e53ec3686ed2cd 100644 (file)
--- a/src/set.c
+++ b/src/set.c
@@ -116,9 +116,7 @@ static uint32_t nftnl_set_validate[NFTNL_SET_MAX + 1] = {
  void nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
                            uint32_t data_len)
  {
-       if (attr > NFTNL_SET_MAX)
-               return;
-
+       nftnl_assert_attr_exists(attr, NFTNL_SET_MAX);
         nftnl_assert_validate(data, nftnl_set_validate, attr, data_len);
  
         switch(attr) {
diff --git a/src/table.c b/src/table.c

index 42fe49f8e0028834a355576970840f9426957e47..7eefc7019f05a99c81d9015e6f207f6607babc7f 100644 (file)
--- a/src/table.c
+++ b/src/table.c
@@ -87,9 +87,7 @@ static uint32_t nftnl_table_validate[NFTNL_TABLE_MAX + 1] = {
  void nftnl_table_set_data(struct nftnl_table *t, uint16_t attr,
                              const void *data, uint32_t data_len)
  {
-       if (attr > NFTNL_TABLE_MAX)
-               return;
-
+       nftnl_assert_attr_exists(attr, NFTNL_TABLE_MAX);
         nftnl_assert_validate(data, nftnl_table_validate, attr, data_len);
  
         switch (attr) {
diff --git a/src/utils.c b/src/utils.c

index 22710b94c39103122d1558114acd72a52eeaa1a6..e2715a216f18521b1a0e50455b04c39ada6c7eb7 100644 (file)
--- a/src/utils.c
+++ b/src/utils.c
@@ -269,6 +269,14 @@ out:
         return ret;
  }
  
+void __nftnl_assert_attr_exists(uint16_t attr, uint16_t attr_max,
+                               const char *filename, int line)
+{
+       fprintf(stderr, "libnftnl: attribute %d > %d (maximum) assertion failed in %s:%d\n",
+               attr, attr_max, filename, line);
+       exit(EXIT_FAILURE);
+}
+
  void __nftnl_assert_fail(uint16_t attr, const char *filename, int line)
  {
         fprintf(stderr, "libnftnl: attribute %d assertion failed in %s:%d\n",
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 10 Jun 2016 12:13:00 +0000 (14:13 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 15 Jun 2016 10:12:38 +0000 (12:12 +0200)
include/utils.h		patch \| blob \| blame \| history
src/chain.c		patch \| blob \| blame \| history
src/gen.c		patch \| blob \| blame \| history
src/rule.c		patch \| blob \| blame \| history
src/set.c		patch \| blob \| blame \| history
src/table.c		patch \| blob \| blame \| history
src/utils.c		patch \| blob \| blame \| history