[nft PATCH] mnl: Don't use nftnl_set_set()

Phil Sutter Tue, 15 Oct 2019 07:18:04 -0700

The function is unsafe to use as it effectively bypasses data length
checks. Instead use nftnl_set_set_str() which at least asserts a const
char pointer is passed.


Signed-off-by: Phil Sutter <p...@nwl.cc>
---
 src/mnl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mnl.c b/src/mnl.c
index 14fa4a7186fd3..75ab07b045aa5 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -945,7 +945,7 @@ mnl_nft_set_dump(struct netlink_ctx *ctx, int family, const 
char *table)
        nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
                                    NLM_F_DUMP, ctx->seqnum);
        if (table != NULL)
-               nftnl_set_set(s, NFTNL_SET_TABLE, table);
+               nftnl_set_set_str(s, NFTNL_SET_TABLE, table);
        nftnl_set_nlmsg_build_payload(nlh, s);
        nftnl_set_free(s);
 
-- 
2.23.0

[nft PATCH] mnl: Don't use nftnl_set_set()

Reply via email to