On Tue, Aug 13, 2019 at 09:34:39PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> > > char chain[NFT_CHAIN_MAXNAMELEN];
> >
> > Probably:
> >
> > chat chain[NFT_CHAIN_MAXNAMELEN + 1] = {};
>
>
> > to ensure space for \0.
>
> Not sure thats needed, the policy is:
>
> [NFTA_CHAIN_NAME] = { .type = NLA_STRING,
> .len = NFT_CHAIN_MAXNAMELEN - 1 },
Right.
> > > + unsigned int len;
> > > +
> > > + memset(chain, 0, sizeof(chain));
> >
> > remove this memset then.
> >
> > > + len = e->len / BITS_PER_BYTE;
> >
> > div_round_up() ?
>
> Do we have strings that are not divisible by BITS_PER_BYTE?
Nope.
> > > + if (len >= sizeof(chain))
> > > + len = sizeof(chain) - 1;
> >
> > Probably BUG() here instead if e->len > NFT_CHAIN_MAXNAMELEN? This
> > should not happen.
>
> Yes, I can change this.
Thanks.
