Currently, if we choose a set name larger than allowed, the error message is:

Error: Could not process rule: Numerical result out of range

Let's inform the user with a better error message.

We can discuss later if the length of set names should be increased, but I think this better error reporting is necessary right now to avoid headaches for users.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
--- src/evaluate.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/evaluate.c b/src/evaluate.c index 346e34f..b86e5b6 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2123,6 +2123,7 @@ static int setelem_evaluate(struct eval_ctx *ctx, struct expr **expr) static int set_evaluate(struct eval_ctx *ctx, struct set *set) { + size_t namelen = IFNAMSIZ - 1; struct table *table; const char *type; @@ -2136,6 +2137,10 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set) type = set->flags & SET_F_MAP ? "map" : "set"; + if (strlen(set->handle.set) > namelen) + return cmd_error(ctx, "%s maximum allowed name length is %lu", + type, namelen); + if (set->keytype == NULL) return set_error(ctx, set, "%s definition does not specify " "key data type", type);
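Review bot: In the first hunk (@@ -2123,6 +2123,7 @@), the new local "size_t namelen = IFNAMSIZ - 1;" ties the set-name limit to the interface-name constant with no comment saying why that is the right bound for set names. Since the commit message already anticipates raising the limit later, a dedicated named constant for the maximum set name length (or at least a one-line comment next to the declaration) would make the bound self-documenting and turn a later change into a single edit. The variable is never modified, so it can also be declared const.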
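Review bot: In the second hunk (@@ -2136,6 +2137,10 @@), the new cmd_error() call formats namelen, which is a size_t, with %lu; the matching conversion is %zu, and %lu is a type mismatch on any target where size_t is not unsigned long. Either switch the format to %zu or cast the argument to unsigned long. Also, the check immediately below reports through set_error(ctx, set, ...), while the new check uses cmd_error(ctx, ...); using set_error here as well would keep the two validation errors in set_evaluate() consistent, unless cmd_error was chosen on purpose, in which case a short comment would help.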