Just like with the recent change in expr_ops, this series reuses
obj_ops::max_attr field (patch 11) for validating the maximum attribute
value and implements an 'attr_policy' field (patch 13) into struct
obj_ops to verify maximum attribute lengths when dispatching to specific
object type setters in nftnl_obj_set_data().

Patches 1-6 add missing attributes to existing validation arrays.

Patches 7-9 fix various more or less related bugs.

Patch 10 enables error condition propagation to callers, missing already
for ENOMEM situations and used by following patches.

Patches 11-14 contain the actual implementation announced above.

The remaining patches fix the other possible cause of invalid data
access, namely callers passing too small buffers.

To verify this won't break users, I ran nftables' shell testsuite in
nftables versions 0.9.9, 1.0.6 and current HEAD and compared the results
with and without this series applied to libnftnl.

Phil Sutter (17):
  chain: Validate NFTNL_CHAIN_USE, too
  table: Validate NFTNL_TABLE_USE, too
  flowtable: Validate NFTNL_FLOWTABLE_SIZE, too
  obj: Validate NFTNL_OBJ_TYPE, too
  set: Validate NFTNL_SET_ID, too
  table: Validate NFTNL_TABLE_OWNER, too
  obj: Do not call nftnl_obj_set_data() with zero data_len
  obj: synproxy: Use memcpy() to handle potentially unaligned data
  utils: Fix for wrong variable use in nftnl_assert_validate()
  obj: Return value on setters
  obj: Repurpose struct obj_ops::max_attr field
  obj: Call obj_ops::set with legal attributes only
  obj: Introduce struct obj_ops::attr_policy
  obj: Enforce attr_policy compliance in nftnl_obj_set_data()
  utils: Introduce and use nftnl_set_str_attr()
  obj: Respect data_len when setting attributes
  expr: Respect data_len when setting attributes

 include/libnftnl/object.h | 23 +++++++++++-----
 include/obj.h             |  3 ++-
 include/utils.h           |  7 +++--
 src/chain.c               | 37 +++++++-------------------
 src/expr/bitwise.c        |  8 +++---
 src/expr/byteorder.c      | 10 +++----
 src/expr/cmp.c            |  4 +--
 src/expr/connlimit.c      |  4 +--
 src/expr/counter.c        |  4 +--
 src/expr/ct.c             |  8 +++---
 src/expr/dup.c            |  4 +--
 src/expr/dynset.c         | 12 ++++-----
 src/expr/exthdr.c         | 14 +++++-----
 src/expr/fib.c            |  6 ++---
 src/expr/fwd.c            |  6 ++---
 src/expr/hash.c           | 14 +++++-----
 src/expr/immediate.c      |  6 ++---
 src/expr/inner.c          |  6 ++---
 src/expr/last.c           |  4 +--
 src/expr/limit.c          | 10 +++----
 src/expr/log.c            | 10 +++----
 src/expr/lookup.c         |  8 +++---
 src/expr/masq.c           |  6 ++---
 src/expr/match.c          |  2 +-
 src/expr/meta.c           |  6 ++---
 src/expr/nat.c            | 14 +++++-----
 src/expr/numgen.c         |  8 +++---
 src/expr/objref.c         |  6 ++---
 src/expr/osf.c            |  6 ++---
 src/expr/payload.c        | 16 +++++------
 src/expr/queue.c          |  8 +++---
 src/expr/quota.c          |  6 ++---
 src/expr/range.c          |  4 +--
 src/expr/redir.c          |  6 ++---
 src/expr/reject.c         |  4 +--
 src/expr/rt.c             |  4 +--
 src/expr/socket.c         |  6 ++---
 src/expr/synproxy.c       |  6 ++---
 src/expr/target.c         |  2 +-
 src/expr/tproxy.c         |  6 ++---
 src/expr/tunnel.c         |  4 +--
 src/expr/xfrm.c           |  8 +++---
 src/flowtable.c           | 18 ++++---------
 src/obj/counter.c         | 14 ++++++----
 src/obj/ct_expect.c       | 24 +++++++++++------
 src/obj/ct_helper.c       | 19 +++++++++----
 src/obj/ct_timeout.c      | 15 +++++++----
 src/obj/limit.c           | 23 ++++++++++------
 src/obj/quota.c           | 17 +++++++-----
 src/obj/secmark.c         |  9 ++++---
 src/obj/synproxy.c        | 17 +++++++-----
 src/obj/tunnel.c          | 56 ++++++++++++++++++++++++++-------------
 src/object.c              | 54 ++++++++++++++++++++++---------------
 src/rule.c                | 18 +++----------
 src/set.c                 | 19 ++++---------
 src/table.c               | 11 +++-----
 src/utils.c               | 14 ++++++++++
 57 files changed, 358 insertions(+), 306 deletions(-)

-- 
2.43.0
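
The validation order the cover letter describes (attribute number against max_attr, then length against attr_policy, then a setter that copies only data_len bytes), as an added C sketch that is not code from this series or from libnftnl. All demo_* names, the two-attribute counter type and the 16-byte input buffer are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical object type; these are not libnftnl's definitions. */
enum { DEMO_ATTR_PKTS, DEMO_ATTR_BYTES, __DEMO_ATTR_MAX };
#define DEMO_ATTR_MAX (__DEMO_ATTR_MAX - 1)

struct demo_counter { uint64_t pkts, bytes; };
struct demo_attr_policy { uint32_t maxlen; };
struct demo_obj_ops {
	uint32_t max_attr;                          /* highest legal attribute */
	const struct demo_attr_policy *attr_policy; /* max length per attribute */
	int (*set)(void *obj, uint16_t attr, const void *data, uint32_t len);
};

/* Type-specific setter: only reached with a legal attr and a bounded len. */
static int demo_counter_set(void *obj, uint16_t attr, const void *data, uint32_t len)
{
	struct demo_counter *c = obj;
	uint64_t *dst = attr == DEMO_ATTR_PKTS ? &c->pkts : &c->bytes;

	memcpy(dst, data, len); /* copy data_len bytes, not sizeof(*dst) */
	return 0;
}

static const struct demo_attr_policy demo_counter_policy[__DEMO_ATTR_MAX] = {
	[DEMO_ATTR_PKTS]  = { .maxlen = sizeof(uint64_t) },
	[DEMO_ATTR_BYTES] = { .maxlen = sizeof(uint64_t) },
};
static const struct demo_obj_ops demo_counter_ops = {
	.max_attr = DEMO_ATTR_MAX, .attr_policy = demo_counter_policy, .set = demo_counter_set,
};

/* Generic dispatcher: validate before handing off to the setter. */
static int demo_obj_set_data(const struct demo_obj_ops *ops, void *obj,
			     uint16_t attr, const void *data, uint32_t len)
{
	if (!data || attr > ops->max_attr || !ops->attr_policy)
		return -1; /* unknown attribute or no policy to check against */
	if (ops->attr_policy[attr].maxlen && len > ops->attr_policy[attr].maxlen)
		return -1; /* would overflow the destination field */
	return ops->set(obj, attr, data, len);
}

/* Constructed scenario: set `attr` from the first `len` bytes of a 16-byte buffer. */
static int demo_try(uint16_t attr, uint32_t len)
{
	static const uint8_t buf[16] = { 1 };
	struct demo_counter c = { 0, 0 };

	return demo_obj_set_data(&demo_counter_ops, &c, attr, buf, len);
}
```

The two checks cover opposite mistakes: the policy check stops an oversized data_len from writing past the field, while copying only data_len bytes in the setter stops a short caller buffer from being read past its end.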