And pass up an error to the caller.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
if (tb[NFTA_HOOK_DEV]) {
c->dev = strdup(mnl_attr_get_str(tb[NFTA_HOOK_DEV]));
+ if (!c->dev)
+ return -1;
c->flags |= (1 << NFTNL_CHAIN_DEV);
}
if (tb[NFTA_CHAIN_TABLE]) {
xfree(c->table);
c->table = strdup(mnl_attr_get_str(tb[NFTA_CHAIN_TABLE]));
+ if (!c->table)
+ return -1;
c->flags |= (1 << NFTNL_CHAIN_TABLE);
}
if (tb[NFTA_CHAIN_HOOK]) {
if (tb[NFTA_CHAIN_TYPE]) {
xfree(c->type);
c->type = strdup(mnl_attr_get_str(tb[NFTA_CHAIN_TYPE]));
+ if (!c->type)
+ return -1;
c->flags |= (1 << NFTNL_CHAIN_TYPE);
}
return -1;
data->chain = strdup(mnl_attr_get_str(tb[NFTA_VERDICT_CHAIN]));
+ if (!data->chain)
+ return -1;
+
if (type)
*type = DATA_CHAIN;
break;
break;
case NFTNL_EXPR_DYNSET_SET_NAME:
dynset->set_name = strdup((const char *)data);
+ if (!dynset->set_name)
+ return -1;
break;
case NFTNL_EXPR_DYNSET_SET_ID:
dynset->set_id = *((uint32_t *)data);
if (tb[NFTA_DYNSET_SET_NAME]) {
dynset->set_name =
strdup(mnl_attr_get_str(tb[NFTA_DYNSET_SET_NAME]));
+ if (!dynset->set_name)
+ return -1;
e->flags |= (1 << NFTNL_EXPR_DYNSET_SET_NAME);
}
if (tb[NFTA_DYNSET_SET_ID]) {
xfree(imm->data.chain);
imm->data.chain = strdup(data);
+ if (!imm->data.chain)
+ return -1;
break;
default:
return -1;
xfree(log->prefix);
log->prefix = strdup(data);
+ if (!log->prefix)
+ return -1;
break;
case NFTNL_EXPR_LOG_GROUP:
log->group = *((uint16_t *)data);
xfree(log->prefix);
log->prefix = strdup(mnl_attr_get_str(tb[NFTA_LOG_PREFIX]));
+ if (!log->prefix)
+ return -1;
e->flags |= (1 << NFTNL_EXPR_LOG_PREFIX);
}
if (tb[NFTA_LOG_GROUP]) {
break;
case NFTNL_EXPR_LOOKUP_SET:
lookup->set_name = strdup((const char *)data);
+ if (!lookup->set_name)
+ return -1;
break;
case NFTNL_EXPR_LOOKUP_SET_ID:
lookup->set_id = *((uint32_t *)data);
if (tb[NFTA_LOOKUP_SET]) {
lookup->set_name =
strdup(mnl_attr_get_str(tb[NFTA_LOOKUP_SET]));
+ if (!lookup->set_name)
+ return -1;
e->flags |= (1 << NFTNL_EXPR_LOOKUP_SET);
}
if (tb[NFTA_LOOKUP_SET_ID]) {
if (tb[NFTA_RULE_TABLE]) {
xfree(r->table);
r->table = strdup(mnl_attr_get_str(tb[NFTA_RULE_TABLE]));
+ if (!r->table)
+ return -1;
r->flags |= (1 << NFTNL_RULE_TABLE);
}
if (tb[NFTA_RULE_CHAIN]) {
xfree(r->chain);
r->chain = strdup(mnl_attr_get_str(tb[NFTA_RULE_CHAIN]));
+ if (!r->chain)
+ return -1;
r->flags |= (1 << NFTNL_RULE_CHAIN);
}
if (tb[NFTA_RULE_HANDLE]) {
memcpy(newset, set, sizeof(*set));
- if (set->flags & (1 << NFTNL_SET_TABLE))
+ if (set->flags & (1 << NFTNL_SET_TABLE)) {
newset->table = strdup(set->table);
- if (set->flags & (1 << NFTNL_SET_NAME))
+ if (!newset->table)
+ goto err;
+ }
+ if (set->flags & (1 << NFTNL_SET_NAME)) {
newset->name = strdup(set->name);
+ if (!newset->name)
+ goto err;
+ }
INIT_LIST_HEAD(&newset->element_list);
list_for_each_entry(elem, &set->element_list, head) {
if (tb[NFTA_SET_TABLE]) {
xfree(s->table);
s->table = strdup(mnl_attr_get_str(tb[NFTA_SET_TABLE]));
+ if (!s->table)
+ return -1;
s->flags |= (1 << NFTNL_SET_TABLE);
}
if (tb[NFTA_SET_NAME]) {
xfree(s->name);
s->name = strdup(mnl_attr_get_str(tb[NFTA_SET_NAME]));
+ if (!s->name)
+ return -1;
s->flags |= (1 << NFTNL_SET_NAME);
}
if (tb[NFTA_SET_FLAGS]) {
xfree(s->data.chain);
s->data.chain = strdup(data);
+ if (!s->data.chain)
+ return -1;
break;
case NFTNL_SET_ELEM_DATA: /* NFTA_SET_ELEM_DATA */
memcpy(s->data.val, data, data_len);
memcpy(newelem, elem, sizeof(*elem));
- if (elem->flags & (1 << NFTNL_SET_ELEM_CHAIN))
+ if (elem->flags & (1 << NFTNL_SET_ELEM_CHAIN)) {
newelem->data.chain = strdup(elem->data.chain);
+ if (!newelem->data.chain)
+ goto err;
+ }
return newelem;
+err:
+ nftnl_set_elem_free(newelem);
+ return NULL;
}
void nftnl_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh,
xfree(s->table);
s->table =
strdup(mnl_attr_get_str(tb[NFTA_SET_ELEM_LIST_TABLE]));
+ if (!s->table)
+ return -1;
s->flags |= (1 << NFTNL_SET_TABLE);
}
if (tb[NFTA_SET_ELEM_LIST_SET]) {
xfree(s->name);
s->name =
strdup(mnl_attr_get_str(tb[NFTA_SET_ELEM_LIST_SET]));
+ if (!s->name)
+ return -1;
s->flags |= (1 << NFTNL_SET_NAME);
}
if (tb[NFTA_SET_ELEM_LIST_SET_ID]) {
if (tb[NFTA_TABLE_NAME]) {
xfree(t->name);
t->name = strdup(mnl_attr_get_str(tb[NFTA_TABLE_NAME]));
+ if (!t->name)
+ return -1;
t->flags |= (1 << NFTNL_TABLE_NAME);
}
if (tb[NFTA_TABLE_FLAGS]) {
return MNL_CB_OK;
}
-static void
-nftnl_trace_parse_verdict(const struct nlattr *attr, struct nftnl_trace *t)
+static int nftnl_trace_parse_verdict(const struct nlattr *attr,
+ struct nftnl_trace *t)
{
struct nlattr *tb[NFTA_VERDICT_MAX+1];
if (!tb[NFTA_VERDICT_CHAIN])
abi_breakage();
t->jump_target = strdup(mnl_attr_get_str(tb[NFTA_VERDICT_CHAIN]));
- if (t->jump_target)
- t->flags |= (1 << NFTNL_TRACE_JUMP_TARGET);
+ if (!t->jump_target)
+ return -1;
+
+ t->flags |= (1 << NFTNL_TRACE_JUMP_TARGET);
break;
}
+ return 0;
}
-
EXPORT_SYMBOL(nftnl_trace_nlmsg_parse);
+
int nftnl_trace_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_trace *t)
{
struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
if (tb[NFTA_TRACE_TABLE]) {
t->table = strdup(mnl_attr_get_str(tb[NFTA_TRACE_TABLE]));
+ if (!t->table)
+ return -1;
+
t->flags |= (1 << NFTNL_TRACE_TABLE);
}
if (tb[NFTA_TRACE_CHAIN]) {
t->chain = strdup(mnl_attr_get_str(tb[NFTA_TRACE_CHAIN]));
+ if (!t->chain)
+ return -1;
+
t->flags |= (1 << NFTNL_TRACE_CHAIN);
}
t->flags |= (1 << NFTNL_TRACE_RULE_HANDLE);
}
- if (tb[NFTA_TRACE_VERDICT])
- nftnl_trace_parse_verdict(tb[NFTA_TRACE_VERDICT], t);
+ if (tb[NFTA_TRACE_VERDICT] &&
+ nftnl_trace_parse_verdict(tb[NFTA_TRACE_VERDICT], t) < 0)
+ return -1;
if (nftnl_trace_nlmsg_parse_hdrdata(tb[NFTA_TRACE_LL_HEADER], &t->ll))
t->flags |= (1 << NFTNL_TRACE_LL_HEADER);
projects / thirdparty / libnftnl.git / commitdiff
