udata: refuse to put more than UINT8_MAX bytes

->len is uint8_t, so we can't handle more than this.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/udata.c b/src/udata.c
index 6bd965161c43f062023c5f0b3cbd4d743257f245..b5a47295b40d147cd6e2eefde12dc6162675e947 100644 (file)
--- a/src/udata.c
+++ b/src/udata.c
@@ -74,7 +74,7 @@ bool nftnl_udata_put(struct nftnl_udata_buf *buf, uint8_t type, uint32_t len,
 {
        struct nftnl_udata *attr;
 
-       if (buf->size < len + sizeof(struct nftnl_udata))
+       if (len > UINT8_MAX || buf->size < len + sizeof(struct nftnl_udata))
                return false;
 
        attr = (struct nftnl_udata *)buf->end;