[PATCH 2/2 nft] parser: Check commentaries length

Checks the commentary maximum length and reports to user in case of error.

Example:
> nft add table t
> nft add chain t c
> nft add rule t c ip saddr 1.1.1.1 counter comment "abc...xyz" # len > 128
<cmdline>:1:47-N: Error: Comment too long. 128 characters maximum allowed
add rule t c ip saddr 1.1.1.1 counter comment abc...xyz
                                              ^^^^^^^^^

Signed-off-by: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
---
 include/rule.h     | 2 ++
 src/parser_bison.y | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/include/rule.h b/include/rule.h
index bd24648..7e8daac 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -428,4 +428,6 @@ enum udata_type {
 };
 #define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
 
+#define UDATA_COMMENT_MAXLEN 128
+
 #endif /* NFTABLES_RULE_H */
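Review bot: the new `UDATA_COMMENT_MAXLEN` define carries no comment stating its unit or whether the terminating NUL is counted in the 128. The parser hunk compares it against `strlen()` with `>`, so the limit is 128 bytes excluding the NUL; a one-line comment saying so next to the define would keep anyone who later sizes a buffer from this constant from being off by one.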
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 6f51a49..0bf0e27 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1275,6 +1275,11 @@ ruleid_spec		:	chain_spec	handle_spec	position_spec
 
 comment_spec		:	COMMENT		string
 			{
+				if (strlen($2) > UDATA_COMMENT_MAXLEN ) {
+					erec_queue(error(&@2, "Comment too long. %d characters maximum allowed", UDATA_COMMENT_MAXLEN),
+						   state->msgs);
+					YYERROR;
+				}
 				$$ = $2;
 			}
 			;
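Review bot: in the added check in `comment_spec`, `strlen($2)` counts bytes while the error text says "128 characters maximum allowed", so a comment containing multi-byte characters is rejected before it reaches 128 visible characters; either word the message in bytes or document the limit as a byte count. Separately, `$2` is not released before `YYERROR`; if the `string` value is heap-allocated, free it on this error path. Style: drop the stray space before the closing parenthesis in `UDATA_COMMENT_MAXLEN )` and wrap the `erec_queue(error(...` line, which runs well past 80 columns.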
-- 
2.8.2
