[libnftnl PATCH 14/17] obj: Enforce attr_policy compliance in nftnl_obj_set_data()

Every object type defines an attr_policy array, so deny setting
attributes for object types which don't have it present or if it
specifies a non-zero maxlen which is lower than the given data_len.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 src/object.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/object.c b/src/object.c
index bd4e51a21aea9..2ddaa29cda0be 100644
--- a/src/object.c
+++ b/src/object.c
@@ -151,7 +151,12 @@ int nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
 	default:
 		if (!obj->ops ||
 		    attr < NFTNL_OBJ_BASE ||
-		    attr > obj->ops->nftnl_max_attr)
+		    attr > obj->ops->nftnl_max_attr ||
+		    !obj->ops->attr_policy)
+			return -1;
+
+		if (obj->ops->attr_policy[attr].maxlen &&
+		    obj->ops->attr_policy[attr].maxlen < data_len)
 			return -1;
 
 		if (obj->ops->set(obj, attr, data, data_len) < 0)
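Review bot: In the new maxlen test, a policy entry with maxlen == 0 is treated as unbounded, so any attribute whose attr_policy slot is left zero-initialized still reaches obj->ops->set() with an unchecked data_len. Consider documenting next to the check that 0 means "no limit", or requiring every settable attribute to carry a non-zero maxlen. The comparison "maxlen < data_len" is also an upper bound only, so a data_len smaller than what the attribute expects still passes; if exact or minimum sizes matter, that has to be verified here or in the set() callback. Finally, attr_policy[attr] is indexed with values up to nftnl_max_attr, so each array needs at least nftnl_max_attr + 1 entries; a comment or build-time check stating that would make the assumption explicit.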
-- 
2.43.0




