7037828457
* Wed May 08 2024 Phil Sutter <psutter@redhat.com> [1.2.6-3.el9]
- tests: Fix objref test case (Phil Sutter) [RHEL-28515]
- expr: Respect data_len when setting attributes (Phil Sutter) [RHEL-28515]
- obj: Respect data_len when setting attributes (Phil Sutter) [RHEL-28515]
- utils: Introduce and use nftnl_set_str_attr() (Phil Sutter) [RHEL-28515]
- obj: Enforce attr_policy compliance in nftnl_obj_set_data() (Phil Sutter) [RHEL-28515]
- obj: Introduce struct obj_ops::attr_policy (Phil Sutter) [RHEL-28515]
- obj: Call obj_ops::set with legal attributes only (Phil Sutter) [RHEL-28515]
- obj: Repurpose struct obj_ops::max_attr field (Phil Sutter) [RHEL-28515]
- obj: Return value on setters (Phil Sutter) [RHEL-28515]
- object: getters take const struct (Phil Sutter) [RHEL-28515]
- utils: Fix for wrong variable use in nftnl_assert_validate() (Phil Sutter) [RHEL-28515]
- obj: synproxy: Use memcpy() to handle potentially unaligned data (Phil Sutter) [RHEL-28515]
- obj: Do not call nftnl_obj_set_data() with zero data_len (Phil Sutter) [RHEL-28515]
- table: Validate NFTNL_TABLE_OWNER, too (Phil Sutter) [RHEL-28515]
- set: Validate NFTNL_SET_ID, too (Phil Sutter) [RHEL-28515]
- obj: Validate NFTNL_OBJ_TYPE, too (Phil Sutter) [RHEL-28515]
- flowtable: Validate NFTNL_FLOWTABLE_SIZE, too (Phil Sutter) [RHEL-28515]
- table: Validate NFTNL_TABLE_USE, too (Phil Sutter) [RHEL-28515]
- chain: Validate NFTNL_CHAIN_USE, too (Phil Sutter) [RHEL-28515]
- expr: Enforce attr_policy compliance in nftnl_expr_set() (Phil Sutter) [RHEL-28515]
- expr: Introduce struct expr_ops::attr_policy (Phil Sutter) [RHEL-28515]
- include: Sync nf_log.h with kernel headers (Phil Sutter) [RHEL-28515]
- expr: Call expr_ops::set with legal types only (Phil Sutter) [RHEL-28515]
- expr: Repurpose struct expr_ops::max_attr field (Phil Sutter) [RHEL-28515]
- udata: incorrect userdata buffer size validation (Phil Sutter) [RHEL-28515]
- obj: ct_timeout: setter checks for timeout array boundaries (Phil Sutter) [RHEL-28515]
- set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA} (Phil Sutter) [RHEL-28515]
- set: buffer overflow in NFTNL_SET_DESC_CONCAT setter (Phil Sutter) [RHEL-28515]
- expr: fix buffer overflows in data value setters (Phil Sutter) [RHEL-28515]
Resolves: RHEL-28515
158 lines
5.8 KiB
Diff
158 lines
5.8 KiB
Diff
From 7275fc782f822451b2cba5414037e1b0a1a59bf5 Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <psutter@redhat.com>
|
|
Date: Wed, 8 May 2024 22:39:41 +0200
|
|
Subject: [PATCH] obj: Return value on setters
|
|
|
|
JIRA: https://issues.redhat.com/browse/RHEL-28515
|
|
Upstream Status: libnftnl commit 691f90223712426a2babdb55d7e5526b7310ca6e
|
|
|
|
commit 691f90223712426a2babdb55d7e5526b7310ca6e
|
|
Author: Phil Sutter <phil@nwl.cc>
|
|
Date: Thu Mar 14 16:54:55 2024 +0100
|
|
|
|
obj: Return value on setters
|
|
|
|
Similar to other setters, let callers know if memory allocation fails.
|
|
Though return value with all setters, as all of them may be used to set
|
|
object type-specific attributes which may fail (e.g. if NFTNL_OBJ_TYPE
|
|
was not set before).
|
|
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
---
|
|
include/libnftnl/object.h | 14 ++++++-------
|
|
src/object.c | 41 +++++++++++++++++++++++----------------
|
|
2 files changed, 31 insertions(+), 24 deletions(-)
|
|
|
|
diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h
|
|
index 4b2d90f..e235fdf 100644
|
|
--- a/include/libnftnl/object.h
|
|
+++ b/include/libnftnl/object.h
|
|
@@ -123,14 +123,14 @@ void nftnl_obj_free(const struct nftnl_obj *ne);
|
|
|
|
bool nftnl_obj_is_set(const struct nftnl_obj *ne, uint16_t attr);
|
|
void nftnl_obj_unset(struct nftnl_obj *ne, uint16_t attr);
|
|
-void nftnl_obj_set_data(struct nftnl_obj *ne, uint16_t attr, const void *data,
|
|
- uint32_t data_len);
|
|
+int nftnl_obj_set_data(struct nftnl_obj *ne, uint16_t attr, const void *data,
|
|
+ uint32_t data_len);
|
|
void nftnl_obj_set(struct nftnl_obj *ne, uint16_t attr, const void *data) __attribute__((deprecated));
|
|
-void nftnl_obj_set_u8(struct nftnl_obj *ne, uint16_t attr, uint8_t val);
|
|
-void nftnl_obj_set_u16(struct nftnl_obj *ne, uint16_t attr, uint16_t val);
|
|
-void nftnl_obj_set_u32(struct nftnl_obj *ne, uint16_t attr, uint32_t val);
|
|
-void nftnl_obj_set_u64(struct nftnl_obj *obj, uint16_t attr, uint64_t val);
|
|
-void nftnl_obj_set_str(struct nftnl_obj *ne, uint16_t attr, const char *str);
|
|
+int nftnl_obj_set_u8(struct nftnl_obj *ne, uint16_t attr, uint8_t val);
|
|
+int nftnl_obj_set_u16(struct nftnl_obj *ne, uint16_t attr, uint16_t val);
|
|
+int nftnl_obj_set_u32(struct nftnl_obj *ne, uint16_t attr, uint32_t val);
|
|
+int nftnl_obj_set_u64(struct nftnl_obj *obj, uint16_t attr, uint64_t val);
|
|
+int nftnl_obj_set_str(struct nftnl_obj *ne, uint16_t attr, const char *str);
|
|
const void *nftnl_obj_get_data(const struct nftnl_obj *ne, uint16_t attr,
|
|
uint32_t *data_len);
|
|
const void *nftnl_obj_get(const struct nftnl_obj *ne, uint16_t attr);
|
|
diff --git a/src/object.c b/src/object.c
|
|
index a1a00d8..30e5ee8 100644
|
|
--- a/src/object.c
|
|
+++ b/src/object.c
|
|
@@ -77,8 +77,8 @@ static uint32_t nftnl_obj_validate[NFTNL_OBJ_MAX + 1] = {
|
|
};
|
|
|
|
EXPORT_SYMBOL(nftnl_obj_set_data);
|
|
-void nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
|
|
- const void *data, uint32_t data_len)
|
|
+int nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
|
|
+ const void *data, uint32_t data_len)
|
|
{
|
|
if (attr < NFTNL_OBJ_MAX)
|
|
nftnl_assert_validate(data, nftnl_obj_validate, attr, data_len);
|
|
@@ -87,15 +87,19 @@ void nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
|
|
case NFTNL_OBJ_TABLE:
|
|
xfree(obj->table);
|
|
obj->table = strdup(data);
|
|
+ if (!obj->table)
|
|
+ return -1;
|
|
break;
|
|
case NFTNL_OBJ_NAME:
|
|
xfree(obj->name);
|
|
obj->name = strdup(data);
|
|
+ if (!obj->name)
|
|
+ return -1;
|
|
break;
|
|
case NFTNL_OBJ_TYPE:
|
|
obj->ops = nftnl_obj_ops_lookup(*((uint32_t *)data));
|
|
if (!obj->ops)
|
|
- return;
|
|
+ return -1;
|
|
break;
|
|
case NFTNL_OBJ_FAMILY:
|
|
memcpy(&obj->family, data, sizeof(obj->family));
|
|
@@ -112,16 +116,19 @@ void nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
|
|
|
|
obj->user.data = malloc(data_len);
|
|
if (!obj->user.data)
|
|
- return;
|
|
+ return -1;
|
|
memcpy(obj->user.data, data, data_len);
|
|
obj->user.len = data_len;
|
|
break;
|
|
default:
|
|
- if (obj->ops)
|
|
- obj->ops->set(obj, attr, data, data_len);
|
|
- break;
|
|
+ if (!obj->ops)
|
|
+ return -1;
|
|
+
|
|
+ if (obj->ops->set(obj, attr, data, data_len) < 0)
|
|
+ return -1;
|
|
}
|
|
obj->flags |= (1 << attr);
|
|
+ return 0;
|
|
}
|
|
|
|
void nftnl_obj_set(struct nftnl_obj *obj, uint16_t attr, const void *data) __visible;
|
|
@@ -131,33 +138,33 @@ void nftnl_obj_set(struct nftnl_obj *obj, uint16_t attr, const void *data)
|
|
}
|
|
|
|
EXPORT_SYMBOL(nftnl_obj_set_u8);
|
|
-void nftnl_obj_set_u8(struct nftnl_obj *obj, uint16_t attr, uint8_t val)
|
|
+int nftnl_obj_set_u8(struct nftnl_obj *obj, uint16_t attr, uint8_t val)
|
|
{
|
|
- nftnl_obj_set_data(obj, attr, &val, sizeof(uint8_t));
|
|
+ return nftnl_obj_set_data(obj, attr, &val, sizeof(uint8_t));
|
|
}
|
|
|
|
EXPORT_SYMBOL(nftnl_obj_set_u16);
|
|
-void nftnl_obj_set_u16(struct nftnl_obj *obj, uint16_t attr, uint16_t val)
|
|
+int nftnl_obj_set_u16(struct nftnl_obj *obj, uint16_t attr, uint16_t val)
|
|
{
|
|
- nftnl_obj_set_data(obj, attr, &val, sizeof(uint16_t));
|
|
+ return nftnl_obj_set_data(obj, attr, &val, sizeof(uint16_t));
|
|
}
|
|
|
|
EXPORT_SYMBOL(nftnl_obj_set_u32);
|
|
-void nftnl_obj_set_u32(struct nftnl_obj *obj, uint16_t attr, uint32_t val)
|
|
+int nftnl_obj_set_u32(struct nftnl_obj *obj, uint16_t attr, uint32_t val)
|
|
{
|
|
- nftnl_obj_set_data(obj, attr, &val, sizeof(uint32_t));
|
|
+ return nftnl_obj_set_data(obj, attr, &val, sizeof(uint32_t));
|
|
}
|
|
|
|
EXPORT_SYMBOL(nftnl_obj_set_u64);
|
|
-void nftnl_obj_set_u64(struct nftnl_obj *obj, uint16_t attr, uint64_t val)
|
|
+int nftnl_obj_set_u64(struct nftnl_obj *obj, uint16_t attr, uint64_t val)
|
|
{
|
|
- nftnl_obj_set_data(obj, attr, &val, sizeof(uint64_t));
|
|
+ return nftnl_obj_set_data(obj, attr, &val, sizeof(uint64_t));
|
|
}
|
|
|
|
EXPORT_SYMBOL(nftnl_obj_set_str);
|
|
-void nftnl_obj_set_str(struct nftnl_obj *obj, uint16_t attr, const char *str)
|
|
+int nftnl_obj_set_str(struct nftnl_obj *obj, uint16_t attr, const char *str)
|
|
{
|
|
- nftnl_obj_set_data(obj, attr, str, strlen(str) + 1);
|
|
+ return nftnl_obj_set_data(obj, attr, str, strlen(str) + 1);
|
|
}
|
|
|
|
EXPORT_SYMBOL(nftnl_obj_get_data);
|