Don't ignore nested attribute parsing errors, this may hide bugs in users' code. Fixes: 0adceeab1597a ("src: add ct timeout support") Signed-off-by: Phil Sutter <phil@xxxxxx> --- src/obj/ct_timeout.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c index e2e99917de7ae..a439432deee18 100644 --- a/src/obj/ct_timeout.c +++ b/src/obj/ct_timeout.c @@ -116,7 +116,7 @@ parse_timeout_attr_policy_cb(const struct nlattr *attr, void *data) return MNL_CB_OK; } -static void +static int timeout_parse_attr_data(struct nftnl_obj *e, const struct nlattr *nest) { @@ -131,7 +131,8 @@ timeout_parse_attr_data(struct nftnl_obj *e, memset(tb, 0, sizeof(struct nlattr *) * attr_max); - mnl_attr_parse_nested(nest, parse_timeout_attr_policy_cb, &cnt); + if (mnl_attr_parse_nested(nest, parse_timeout_attr_policy_cb, &cnt) < 0) + return -1; for (i = 1; i <= attr_max; i++) { if (tb[i]) { @@ -139,6 +140,7 @@ timeout_parse_attr_data(struct nftnl_obj *e, ntohl(mnl_attr_get_u32(tb[i]))); } } + return 0; } static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type, @@ -248,7 +250,8 @@ nftnl_obj_ct_timeout_parse(struct nftnl_obj *e, struct nlattr *attr) e->flags |= (1 << NFTNL_OBJ_CT_TIMEOUT_L4PROTO); } if (tb[NFTA_CT_TIMEOUT_DATA]) { - timeout_parse_attr_data(e, tb[NFTA_CT_TIMEOUT_DATA]); + if (timeout_parse_attr_data(e, tb[NFTA_CT_TIMEOUT_DATA]) < 0) + return -1; e->flags |= (1 << NFTNL_OBJ_CT_TIMEOUT_ARRAY); } return 0; -- 2.23.0