[libnftnl PATCH 12/17] obj: Call obj_ops::set with legal attributes only


 



Refer to obj_ops::nftnl_max_attr field value for the maximum supported
attribute value to reject invalid ones upfront.

Consequently drop default cases from callbacks' switches which handle
all supported attributes.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 src/obj/counter.c    | 2 --
 src/obj/ct_expect.c  | 2 --
 src/obj/ct_helper.c  | 2 --
 src/obj/ct_timeout.c | 2 --
 src/obj/limit.c      | 2 --
 src/obj/quota.c      | 2 --
 src/obj/secmark.c    | 2 --
 src/obj/synproxy.c   | 2 --
 src/obj/tunnel.c     | 2 --
 src/object.c         | 4 +++-
 10 files changed, 3 insertions(+), 19 deletions(-)

diff --git a/src/obj/counter.c b/src/obj/counter.c
index 76a1b20f19c30..982da2c6678e5 100644
--- a/src/obj/counter.c
+++ b/src/obj/counter.c
@@ -34,8 +34,6 @@ nftnl_obj_counter_set(struct nftnl_obj *e, uint16_t type,
 	case NFTNL_OBJ_CTR_PKTS:
 		memcpy(&ctr->pkts, data, sizeof(ctr->pkts));
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c
index 7e9c5e1b9e48c..60014dc9848b5 100644
--- a/src/obj/ct_expect.c
+++ b/src/obj/ct_expect.c
@@ -35,8 +35,6 @@ static int nftnl_obj_ct_expect_set(struct nftnl_obj *e, uint16_t type,
 	case NFTNL_OBJ_CT_EXPECT_SIZE:
 		memcpy(&exp->size, data, sizeof(exp->size));
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c
index f8aa73408839c..b8b05fd9eee8c 100644
--- a/src/obj/ct_helper.c
+++ b/src/obj/ct_helper.c
@@ -37,8 +37,6 @@ static int nftnl_obj_ct_helper_set(struct nftnl_obj *e, uint16_t type,
 	case NFTNL_OBJ_CT_HELPER_L4PROTO:
 		memcpy(&helper->l4proto, data, sizeof(helper->l4proto));
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c
index ee86231f42965..011d92867a077 100644
--- a/src/obj/ct_timeout.c
+++ b/src/obj/ct_timeout.c
@@ -162,8 +162,6 @@ static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type,
 		memcpy(timeout->timeout, data,
 		       sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX);
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
diff --git a/src/obj/limit.c b/src/obj/limit.c
index 1c54bbca72fef..83cb1935fc8e9 100644
--- a/src/obj/limit.c
+++ b/src/obj/limit.c
@@ -42,8 +42,6 @@ static int nftnl_obj_limit_set(struct nftnl_obj *e, uint16_t type,
 	case NFTNL_OBJ_LIMIT_FLAGS:
 		memcpy(&limit->flags, data, sizeof(limit->flags));
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
diff --git a/src/obj/quota.c b/src/obj/quota.c
index a39d552d923f2..665d7caf4a5d5 100644
--- a/src/obj/quota.c
+++ b/src/obj/quota.c
@@ -36,8 +36,6 @@ static int nftnl_obj_quota_set(struct nftnl_obj *e, uint16_t type,
 	case NFTNL_OBJ_QUOTA_FLAGS:
 		memcpy(&quota->flags, data, sizeof(quota->flags));
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
diff --git a/src/obj/secmark.c b/src/obj/secmark.c
index c78e35f2c284f..83cd1dc2264ed 100644
--- a/src/obj/secmark.c
+++ b/src/obj/secmark.c
@@ -30,8 +30,6 @@ static int nftnl_obj_secmark_set(struct nftnl_obj *e, uint16_t type,
 	case NFTNL_OBJ_SECMARK_CTX:
 		snprintf(secmark->ctx, sizeof(secmark->ctx), "%s", (const char *)data);
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c
index d259a517bebbf..f7c77627b56e9 100644
--- a/src/obj/synproxy.c
+++ b/src/obj/synproxy.c
@@ -27,8 +27,6 @@ static int nftnl_obj_synproxy_set(struct nftnl_obj *e, uint16_t type,
 	case NFTNL_OBJ_SYNPROXY_FLAGS:
 		memcpy(&synproxy->flags, data, data_len);
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c
index 19a3639eafc01..72985eeb761cd 100644
--- a/src/obj/tunnel.c
+++ b/src/obj/tunnel.c
@@ -76,8 +76,6 @@ nftnl_obj_tunnel_set(struct nftnl_obj *e, uint16_t type,
 	case NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR:
 		memcpy(&tun->u.tun_erspan.u.v2.dir, data, sizeof(tun->u.tun_erspan.u.v2.dir));
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
diff --git a/src/object.c b/src/object.c
index d363725e10fb8..bd4e51a21aea9 100644
--- a/src/object.c
+++ b/src/object.c
@@ -149,7 +149,9 @@ int nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
 		obj->user.len = data_len;
 		break;
 	default:
-		if (!obj->ops)
+		if (!obj->ops ||
+		    attr < NFTNL_OBJ_BASE ||
+		    attr > obj->ops->nftnl_max_attr)
 			return -1;
 
 		if (obj->ops->set(obj, attr, data, data_len) < 0)
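Review bot: With the per-type `default: return -1;` cases removed, the range check added in this `default:` branch is the only thing that rejects an unsupported attribute, and it is only correct if every `obj_ops` sets `nftnl_max_attr` to the highest valid attribute rather than a one-past-the-end value, which this patch does not show. Any value inside that range for which a callback has no `case` now makes `set()` return 0 without storing anything, so the rest of nftnl_obj_set_data (outside the hunk) presumably treats the attribute as accepted. I would state the invariant at the check, e.g. `/* ops->set() has no default case: attr must be in [NFTNL_OBJ_BASE, ops->nftnl_max_attr] */`. Separately, `data_len` is still passed to the callback unchecked at this point, and the synproxy context line `memcpy(&synproxy->flags, data, data_len);` copies that many bytes into a fixed-size field, so a per-attribute length check is worth adding unless one already exists elsewhere.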
-- 
2.43.0




