From: Phil Sutter Date: Thu, 7 Mar 2024 12:25:31 +0000 (+0100) Subject: obj: Call obj_ops::set with legal attributes only X-Git-Tag: libnftnl-1.2.7~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=410c245e4811d7888daa456547af58d93d1c63b4;p=thirdparty%2Flibnftnl.git obj: Call obj_ops::set with legal attributes only Refer to obj_ops::nftnl_max_attr field value for the maximum supported attribute value to reject invalid ones upfront. Consequently drop default cases from callbacks' switches which handle all supported attributes. Signed-off-by: Phil Sutter --- diff --git a/src/obj/counter.c b/src/obj/counter.c index 76a1b20f..982da2c6 100644 --- a/src/obj/counter.c +++ b/src/obj/counter.c @@ -34,8 +34,6 @@ nftnl_obj_counter_set(struct nftnl_obj *e, uint16_t type, case NFTNL_OBJ_CTR_PKTS: memcpy(&ctr->pkts, data, sizeof(ctr->pkts)); break; - default: - return -1; } return 0; } diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c index 7e9c5e1b..60014dc9 100644 --- a/src/obj/ct_expect.c +++ b/src/obj/ct_expect.c @@ -35,8 +35,6 @@ static int nftnl_obj_ct_expect_set(struct nftnl_obj *e, uint16_t type, case NFTNL_OBJ_CT_EXPECT_SIZE: memcpy(&exp->size, data, sizeof(exp->size)); break; - default: - return -1; } return 0; } diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c index f8aa7340..b8b05fd9 100644 --- a/src/obj/ct_helper.c +++ b/src/obj/ct_helper.c @@ -37,8 +37,6 @@ static int nftnl_obj_ct_helper_set(struct nftnl_obj *e, uint16_t type, case NFTNL_OBJ_CT_HELPER_L4PROTO: memcpy(&helper->l4proto, data, sizeof(helper->l4proto)); break; - default: - return -1; } return 0; } diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c index ee86231f..011d9286 100644 --- a/src/obj/ct_timeout.c +++ b/src/obj/ct_timeout.c @@ -162,8 +162,6 @@ static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type, memcpy(timeout->timeout, data, sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX); break; - default: - return -1; } return 0; } diff --git a/src/obj/limit.c b/src/obj/limit.c index 1c54bbca..83cb1935 100644 --- a/src/obj/limit.c +++ b/src/obj/limit.c @@ -42,8 +42,6 @@ static int nftnl_obj_limit_set(struct nftnl_obj *e, uint16_t type, case NFTNL_OBJ_LIMIT_FLAGS: memcpy(&limit->flags, data, sizeof(limit->flags)); break; - default: - return -1; } return 0; } diff --git a/src/obj/quota.c b/src/obj/quota.c index a39d552d..665d7caf 100644 --- a/src/obj/quota.c +++ b/src/obj/quota.c @@ -36,8 +36,6 @@ static int nftnl_obj_quota_set(struct nftnl_obj *e, uint16_t type, case NFTNL_OBJ_QUOTA_FLAGS: memcpy("a->flags, data, sizeof(quota->flags)); break; - default: - return -1; } return 0; } diff --git a/src/obj/secmark.c b/src/obj/secmark.c index c78e35f2..83cd1dc2 100644 --- a/src/obj/secmark.c +++ b/src/obj/secmark.c @@ -30,8 +30,6 @@ static int nftnl_obj_secmark_set(struct nftnl_obj *e, uint16_t type, case NFTNL_OBJ_SECMARK_CTX: snprintf(secmark->ctx, sizeof(secmark->ctx), "%s", (const char *)data); break; - default: - return -1; } return 0; } diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c index d259a517..f7c77627 100644 --- a/src/obj/synproxy.c +++ b/src/obj/synproxy.c @@ -27,8 +27,6 @@ static int nftnl_obj_synproxy_set(struct nftnl_obj *e, uint16_t type, case NFTNL_OBJ_SYNPROXY_FLAGS: memcpy(&synproxy->flags, data, data_len); break; - default: - return -1; } return 0; } diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c index 19a3639e..72985eeb 100644 --- a/src/obj/tunnel.c +++ b/src/obj/tunnel.c @@ -76,8 +76,6 @@ nftnl_obj_tunnel_set(struct nftnl_obj *e, uint16_t type, case NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR: memcpy(&tun->u.tun_erspan.u.v2.dir, data, sizeof(tun->u.tun_erspan.u.v2.dir)); break; - default: - return -1; } return 0; } diff --git a/src/object.c b/src/object.c index d363725e..bd4e51a2 100644 --- a/src/object.c +++ b/src/object.c @@ -149,7 +149,9 @@ int nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr, obj->user.len = data_len; break; default: - if (!obj->ops) + if (!obj->ops || + attr < NFTNL_OBJ_BASE || + attr > obj->ops->nftnl_max_attr) return -1; if (obj->ops->set(obj, attr, data, data_len) < 0)