Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> > char chain[NFT_CHAIN_MAXNAMELEN];
>
> Probably:
>
> chat chain[NFT_CHAIN_MAXNAMELEN + 1] = {};
> to ensure space for \0.
Not sure thats needed, the policy is:
[NFTA_CHAIN_NAME] = { .type = NLA_STRING,
.len = NFT_CHAIN_MAXNAMELEN - 1 },
> > + unsigned int len;
> > +
> > + memset(chain, 0, sizeof(chain));
>
> remove this memset then.
>
> > + len = e->len / BITS_PER_BYTE;
>
> div_round_up() ?
Do we have strings that are not divisible by BITS_PER_BYTE?
> > + if (len >= sizeof(chain))
> > + len = sizeof(chain) - 1;
>
> Probably BUG() here instead if e->len > NFT_CHAIN_MAXNAMELEN? This
> should not happen.
Yes, I can change this.
