By calling nftnl_set_set(), any data size checks are effectively bypassed. Better call nftnl_set_set_data() directly, passing the real size for validation.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 src/set.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/set.c b/src/set.c
index e6db7258cc224..b1ffe7e6de975 100644
--- a/src/set.c
+++ b/src/set.c
@@ -195,6 +195,7 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
 return 0;
 }
 
+/* XXX: Deprecate this, it is simply unsafe */
 EXPORT_SYMBOL(nftnl_set_set);
 int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data)
 {
@@ -204,13 +205,13 @@ int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data)
 EXPORT_SYMBOL(nftnl_set_set_u32);
 void nftnl_set_set_u32(struct nftnl_set *s, uint16_t attr, uint32_t val)
 {
- nftnl_set_set(s, attr, &val);
+ nftnl_set_set_data(s, attr, &val, sizeof(uint32_t));
 }
 
 EXPORT_SYMBOL(nftnl_set_set_u64);
 void nftnl_set_set_u64(struct nftnl_set *s, uint16_t attr, uint64_t val)
 {
- nftnl_set_set(s, attr, &val);
+ nftnl_set_set_data(s, attr, &val, sizeof(uint64_t));
 }
 
 EXPORT_SYMBOL(nftnl_set_set_str);
-- 
2.23.0
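Review bot: The added comment above `EXPORT_SYMBOL(nftnl_set_set)` says the function is unsafe but not why, nor what callers should use instead. The visible signature takes only `s`, `attr` and `data`, with no length, so the caller's buffer size cannot be checked. A wording such as `/* XXX: Deprecate this: no data length is passed, so the size of *data cannot be validated; use nftnl_set_set_data() */` would carry that reasoning to the next reader. The body of nftnl_set_set() continues outside the hunk.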
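Review bot: The int result of nftnl_set_set_data() is dropped in both nftnl_set_set_u32() and nftnl_set_set_u64(), which matters more now that the call is given a real size to validate. The body of nftnl_set_set_data() is outside the hunk, so how it reports a size mismatch is not visible here. If it does so through its return value, a caller using the u32 setter on an attribute of another width would silently end up with the attribute unset. Since both setters are exported as void, a comment stating where the mismatch is handled would help, for example `/* size mismatch is rejected inside nftnl_set_set_data(); nothing to report here */` once that is confirmed. As a smaller point, `sizeof(val)` instead of `sizeof(uint32_t)` / `sizeof(uint64_t)` keeps the size tied to the parameter's type.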