On Mon, May 30, 2016 at 05:41:00PM +0200, Carlos Falgueras García wrote: > Checks the commentary maximum length and reports to user in case of error. > > The commentary rule of the parser was simplified in order to centralize the > length checking. > > Signed-off-by: Carlos Falgueras García <carlosfg@xxxxxxxxxx> > --- > include/parser.h | 6 ++++++ > src/parser_bison.y | 31 ++++++++++++++++++++----------- > 2 files changed, 26 insertions(+), 11 deletions(-) > > diff --git a/include/parser.h b/include/parser.h > index 92beab2..f48fcfd 100644 > --- a/include/parser.h > +++ b/include/parser.h > @@ -13,6 +13,12 @@ > > #define SCOPE_NEST_MAX 3 > > +/* > + * This maximum is set to 32 bytes in order to keep the coherence with others > + * string length in nft objects > + */ > +#define MAX_COMM_LEN 32 Please, define this in rule.h together with the UDATA_* definitions. This limitation has to do with the userdata area, so better if this naming reminds us why we have this restriction. And bump it to 128 characters I'd suggest. This is half of what we support in x_tables comment match, but better be conservative and wait for users asking for longer descriptions. > struct parser_state { > struct input_descriptor *indesc; > struct input_descriptor indescs[MAX_INCLUDE_DEPTH]; > diff --git a/src/parser_bison.y b/src/parser_bison.y > index 0452b8f..c159684 100644 > --- a/src/parser_bison.y > +++ b/src/parser_bison.y > @@ -440,7 +440,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) > %destructor { close_scope(state); table_free($$); } table_block_alloc > %type <chain> chain_block_alloc chain_block > %destructor { close_scope(state); chain_free($$); } chain_block_alloc > -%type <rule> rule > +%type <rule> rule rule_alloc > %destructor { rule_free($$); } rule > > %type <val> set_flag_list set_flag
> @@ -1271,12 +1271,13 @@ ruleid_spec : chain_spec handle_spec position_spec > } > ; > > -comment_spec : /* empty */ > - { > - $$ = NULL; > - } > - | COMMENT string > +comment_spec : COMMENT string > { > + if (strlen($2) > MAX_COMM_LEN) { > + erec_queue(error(&@2, "Comment too long. %d character maximun allowed", MAX_COMM_LEN), > + state->msgs); > + YYERROR; > + } > $$ = $2; > } > ; > @@ -1293,18 +1294,26 @@ ruleset_spec : /* empty */ > } > ; > > -rule : stmt_list comment_spec > +rule : rule_alloc > + { > + $$->comment = NULL; > + } > + | rule_alloc comment_spec > + { > + $$->comment = $2; > + } > + ; > + This should happen in a separate patch.
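
Review bot: the comment above MAX_COMM_LEN in the include/parser.h hunk states the limit as "32 bytes", while the error message in comment_spec reports it as a number of characters, and the check itself is strlen($2) > MAX_COMM_LEN, which counts bytes and excludes the terminating NUL. Please pick one unit and say in the comment whether the limit includes the terminator, so that anyone sizing a buffer from this constant knows whether to add one byte.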
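
Review bot: in the src/parser_bison.y hunk at -440,7, rule_alloc is added to the "%type <rule>" line but the unchanged context line "%destructor { rule_free($$); } rule" still names only rule. A rule_alloc value that is on the stack when a later symbol fails (for example when comment_spec raises YYERROR) is popped during error recovery without being freed. Suggest listing rule_alloc in that %destructor as well.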
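
Review bot: the error path added to comment_spec leaks the string in $2. Bison does not run destructors for the right-hand side symbols of a rule whose own action raises YYERROR, so the action has to release $2 itself before the YYERROR statement. The message string in the same branch also has a typo: "maximun" should be "maximum".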
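
Review bot: both alternatives of the new rule production dereference $$ ("$$->comment = NULL;" and "$$->comment = $2;") without assigning it first. This only works because the generated parser pre-loads $$ with $1 before running an action, which is easy to break when the rule is edited later. Suggest writing "$$ = $1;" explicitly at the start of each action, or setting "$1->comment" and then assigning $$.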