exthdr: xml: fix mandatory elements
authorArturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Wed, 26 Jun 2013 11:37:09 +0000 (13:37 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 27 Jun 2013 17:36:51 +0000 (19:36 +0200)
According to net/netfilter/nft_exthdr.c: nft_exthdr_init(),
all of dreg, type, offset and len are mandatory:

if (tb[NFTA_EXTHDR_DREG] == NULL ||
    tb[NFTA_EXTHDR_TYPE] == NULL ||
    tb[NFTA_EXTHDR_OFFSET] == NULL ||
    tb[NFTA_EXTHDR_LEN] == NULL)
return -EINVAL;

So the XML parser must make sure the equivalent nodes exist.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/expr/exthdr.c

index 7e1687813a84aa38b7caec2b461b3a14ea30bcf3..762facd5f9b9fe43c87566f3124884080496d700 100644 (file)
@@ -195,64 +195,79 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
                return -1;
        }
 
-       /* Get and set <dreg>. Not mandatory */
+       /* All nodes are mandatory */
+
+       /* Get and set <dreg> */
        node = mxmlFindElement(tree, tree, "dreg", NULL, NULL,
                               MXML_DESCEND_FIRST);
-       if (node != NULL) {
-               tmp = strtoull(node->child->value.opaque, &endptr, 10);
-               if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
-                       mxmlDelete(tree);
-                       return -1;
-               }
+       if (node == NULL) {
+               mxmlDelete(tree);
+               return -1;
+       }
 
-               if (tmp > NFT_REG_MAX) {
-                       mxmlDelete(tree);
-                       return -1;
-               }
+       tmp = strtoull(node->child->value.opaque, &endptr, 10);
+       if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+               mxmlDelete(tree);
+               return -1;
+       }
 
-               exthdr->dreg = tmp;
-               e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
+       if (tmp > NFT_REG_MAX) {
+               mxmlDelete(tree);
+               return -1;
        }
 
-       /* Get and set <type>. Not mandatory */
+       exthdr->dreg = tmp;
+       e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
+
+       /* Get and set <type> */
        node = mxmlFindElement(tree, tree, "type", NULL, NULL, MXML_DESCEND);
-       if (node != NULL) {
-               tmp = strtoull(node->child->value.opaque, &endptr, 10);
-               if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
-                       mxmlDelete(tree);
-                       return -1;
-               }
+       if (node == NULL) {
+               mxmlDelete(tree);
+               return -1;
+       }
 
-               exthdr->type = tmp;
-               e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
+       tmp = strtoull(node->child->value.opaque, &endptr, 10);
+       if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+               mxmlDelete(tree);
+               return -1;
        }
 
-       /* Get and set <offset>. Not mandatory */
+       exthdr->type = tmp;
+       e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
+
+       /* Get and set <offset> */
        node = mxmlFindElement(tree, tree, "offset", NULL, NULL,
                               MXML_DESCEND);
-       if (node != NULL) {
-               tmp = strtoull(node->child->value.opaque, &endptr, 10);
-               if (tmp > UINT_MAX || tmp < 0 || *endptr) {
-                       mxmlDelete(tree);
-                       return -1;
-               }
+       if (node == NULL) {
+               mxmlDelete(tree);
+               return -1;
+       }
 
-               exthdr->offset = tmp;
-               e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET);
+       tmp = strtoull(node->child->value.opaque, &endptr, 10);
+       if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+               mxmlDelete(tree);
+               return -1;
        }
 
-       /* Get and set <len>. Not mandatory */
+       exthdr->offset = tmp;
+       e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET);
+
+       /* Get and set <len> */
        node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND);
-       if (node != NULL) {
-               tmp = strtoull(node->child->value.opaque, &endptr, 10);
-               if (tmp > UINT_MAX || tmp < 0 || *endptr) {
-                       mxmlDelete(tree);
-                       return -1;
-               }
+       if (node == NULL) {
+               mxmlDelete(tree);
+               return -1;
+       }
 
-               exthdr->len = tmp;
-               e->flags |= (1 << NFT_EXPR_EXTHDR_LEN);
+       tmp = strtoull(node->child->value.opaque, &endptr, 10);
+       if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+               mxmlDelete(tree);
+               return -1;
        }
+
+       exthdr->len = tmp;
+       e->flags |= (1 << NFT_EXPR_EXTHDR_LEN);
+
        mxmlDelete(tree);
        return 0;
 #else
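Review bot: Each of the four new `node == NULL` guards (for `<dreg>`, `<type>`, `<offset>` and `<len>`) is followed by `node->child->value.opaque` with no check on `node->child`, so an element that is present but has no content would likely be read through a null child pointer when the XML is malformed or untrusted. Extending each guard to `if (node == NULL || node->child == NULL) {` closes that path with the same cleanup. Separately, strtoull() returns 0 for an empty string and leaves `*endptr == '\0'`, so adding `endptr == node->child->value.opaque ||` to each range check would reject a value with no digits instead of storing 0. The `tmp < 0` term can never be true if `tmp` is unsigned; its declaration is outside the hunk, as are the start and end of nft_rule_expr_exthdr_xml_parse().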