Typically security contexts are not 'u32' sized but strings, for example 'system_u:object_r:my_http_client_packet_t:s0'. Fix length validation check to allow any context sizes. Signed-off-by: Topi Miettinen <toiwoton@xxxxxxxxx> --- src/nlmsg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nlmsg.c b/src/nlmsg.c index b1154fc..5400dd7 100644 --- a/src/nlmsg.c +++ b/src/nlmsg.c @@ -253,7 +253,6 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) case NFQA_IFINDEX_PHYSOUTDEV: case NFQA_CAP_LEN: case NFQA_SKB_INFO: - case NFQA_SECCTX: case NFQA_UID: case NFQA_GID: case NFQA_CT_INFO: @@ -281,6 +280,7 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) case NFQA_PAYLOAD: case NFQA_CT: case NFQA_EXP: + case NFQA_SECCTX: break; } tb[type] = attr; -- 2.30.2
