On 2022-04-09, at 01:27:03 +0200, Florian Westphal wrote:
> Jeremy Sowden <jeremy@xxxxxxxxxx> wrote:
> > diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
> > index f590ee1c8a1b..cdace40c6ba0 100644
> > --- a/net/netfilter/nft_bitwise.c
> > +++ b/net/netfilter/nft_bitwise.c
> > @@ -23,6 +23,7 @@ struct nft_bitwise {
> > struct nft_data mask;
> > struct nft_data xor;
> > struct nft_data data;
> > + u8 nbits;
> > };
> >
> > static void nft_bitwise_eval_bool(u32 *dst, const u32 *src,
> > @@ -88,6 +89,7 @@ static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = {
> > [NFTA_BITWISE_XOR] = { .type = NLA_NESTED },
> > [NFTA_BITWISE_OP] = { .type = NLA_U32 },
> > [NFTA_BITWISE_DATA] = { .type = NLA_NESTED },
> > + [NFTA_BITWISE_NBITS] = { .type = NLA_U32 },
>
> NLA_U8?
>
> Atm values > 255 are accepted but silently truncated to u8.
Good point. I imagine I copied and pasted the types from `len`, which
also has `NLA_U32` and `u8`. It, however, is parsed correctly:
err = nft_parse_u32_check(tb[NFTA_BITWISE_LEN], U8_MAX, &len);
if (err < 0)
return err;
Since `len` is `u8`, `nbits` will need to be `u16`. My inclination is
to leave the netlink type as NLA_U32 and parse it as follows:
err = nft_parse_u32_check(tb[NFTA_BITWISE_NBITS], U8_MAX * BITS_PER_BYTE,
&nbits);
if (err < 0)
return err;
J.
Attachment:
signature.asc
Description: PGP signature
