On Tue, Oct 15, 2019 at 04:16:56PM +0200, Phil Sutter wrote:
> By calling nftnl_set_set(), any data size checks are effectively
> bypassed. Better call nftnl_set_set_data() directly, passing the real
> size for validation.
>
> Signed-off-by: Phil Sutter <phil@xxxxxx>
Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Probably attribute((deprecated)) is better so we don't forget. Anyway,
we can probably nuke this function in the next release.
> ---
> src/set.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/set.c b/src/set.c
> index e6db7258cc224..b1ffe7e6de975 100644
> --- a/src/set.c
> +++ b/src/set.c
> @@ -195,6 +195,7 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
> return 0;
> }
>
> +/* XXX: Deprecate this, it is simply unsafe */
> EXPORT_SYMBOL(nftnl_set_set);
> int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data)
> {
> @@ -204,13 +205,13 @@ int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data)
> EXPORT_SYMBOL(nftnl_set_set_u32);
> void nftnl_set_set_u32(struct nftnl_set *s, uint16_t attr, uint32_t val)
> {
> - nftnl_set_set(s, attr, &val);
> + nftnl_set_set_data(s, attr, &val, sizeof(uint32_t));
> }
>
> EXPORT_SYMBOL(nftnl_set_set_u64);
> void nftnl_set_set_u64(struct nftnl_set *s, uint16_t attr, uint64_t val)
> {
> - nftnl_set_set(s, attr, &val);
> + nftnl_set_set_data(s, attr, &val, sizeof(uint64_t));
> }
>
> EXPORT_SYMBOL(nftnl_set_set_str);
> --
> 2.23.0
>
