On Wed, Sep 20, 2023 at 09:28:29PM +0200, Thomas Haller wrote:
> On Wed, 2023-09-20 at 20:13 +0200, Pablo Neira Ayuso wrote:
> > On Wed, Sep 20, 2023 at 04:26:08PM +0200, Thomas Haller wrote:
> > >
> > > -const struct expr_ops *expr_ops_by_type(enum expr_types value)
> > > +const struct expr_ops *expr_ops_by_type_u32(uint32_t value)
> > > {
> > > - /* value might come from unreliable source, such as "udata"
> > > - * annotation of set keys. Avoid BUG() assertion.
> > > - */
> > > - if (value == EXPR_INVALID || value > EXPR_MAX)
> > > + if (value > (uint32_t) EXPR_MAX)
> >
> > I think this still allows a third party to set EXPR_INVALID in the
> > netlink userdata attribute, right?
> >
> > > return NULL;
> > > -
> > > return __expr_ops_by_type(value);
> > > }
>
> Yes, it still allows that. It's handled by the following
> __expr_ops_by_type(), which returns NULL for invalid types (like
> EXPR_INVALID).
Oh indeed.
> The check "if (value > (uint32_t) EXPR_MAX)" is only here to ensure
> that nothing is lost while casting the uint32_t "value" to the enum
> expr_types.
Is this cast really required? This is to handle the hypothetical case
where EXPR_MAX ever gets a negative value?
