Patchwork [libnftables] data_reg: xml: fix invalid veredict validation

Submitter Arturo Borrero
Date May 29, 2013, 10:46 p.m.
Message ID <20130529224626.18127.15020.stgit@nfdev.cica.es>
Permalink /patch/247432/
State Changes Requested
Delegated to: Pablo Neira

Comments

Arturo Borrero - May 29, 2013, 10:46 p.m.
Other kinds of validation are used all over the XML parsing code.
This validation is not valid anymore, and this patch updates it.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/data_reg.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira - June 5, 2013, 3:43 a.m.
On Thu, May 30, 2013 at 12:46:26AM +0200, Arturo Borrero wrote:
> Other kinds of validation are used all over the XML parsing code.
> This validation is not valid anymore, and this patch updates it.
> 
> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
> ---
>  src/expr/data_reg.c |    4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
> index 71b10fe..12adc18 100644
> --- a/src/expr/data_reg.c
> +++ b/src/expr/data_reg.c
> @@ -64,10 +64,8 @@ static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, char *xml)
>  		return -1;
>  	}
>  
> -	errno = 0;
>  	tmp = strtoll(node->child->value.opaque, &endptr, 10);
> -	if (tmp > INT_MAX || tmp < INT_MIN || errno != 0
> -						|| strlen(endptr) > 0) {
> +	if (tmp > INT_MAX || tmp < INT_MIN || *endptr) {
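
Review bot: the `errno = 0` / `errno != 0` pair on the `-` lines is dropped without a stated reason; the commit message only says the validation "is not valid anymore". Overflow is still rejected because strtoll saturates to LLONG_MAX or LLONG_MIN and the remaining INT_MAX/INT_MIN comparison catches both, but that depends on long long being wider than int. Suggest stating this in the commit message or in a short comment above the `if`.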

I think it's time to add some helper function like nft_stroll. This
function will take care of this tricky error handling and it will just
return -1 in case of error. You can put this new function in
src/utils.c and define its prototype in internal.h.
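
A sketch of the kind of strict string-to-int helper suggested in the reply above, added here as an example; it is not code from the patch, the reply or libnftables. The name `parse_int_strict`, its signature and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: the name and signature are assumptions, not
 * libnftables API. Parses a base-10 string into an int. Returns 0 on
 * success, -1 on any error (leaving *out untouched). */
static int parse_int_strict(const char *s, int *out)
{
	char *endptr;
	long long tmp;

	if (s == NULL || out == NULL)
		return -1;

	errno = 0;		/* strtoll sets errno on error but never clears it */
	tmp = strtoll(s, &endptr, 10);

	if (endptr == s)	/* nothing converted: "" or "abc" */
		return -1;
	if (*endptr != '\0')	/* trailing characters: "12abc" */
		return -1;
	if (errno == ERANGE)	/* out of long long range, result saturated */
		return -1;
	if (tmp > INT_MAX || tmp < INT_MIN)	/* fits long long, not int */
		return -1;

	*out = (int)tmp;
	return 0;
}

int main(void)
{
	/* Constructed sample inputs, not taken from the patch or the library. */
	const char *samples[] = { "-1", "0", "", "abc", "12abc",
				  "9223372036854775807", "99999999999999999999" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int v = 0;
		int rc = parse_int_strict(samples[i], &v);

		printf("\"%s\" -> rc=%d value=%d\n", samples[i], rc, v);
	}
	return 0;
}
```

strtoll skips leading whitespace and accepts a leading sign, so inputs such as " 5" and "+5" parse successfully with this helper; a caller that must reject them needs an extra check on the first character.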

Patch

diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index 71b10fe..12adc18 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -64,10 +64,8 @@  static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, char *xml)
 		return -1;
 	}
 
-	errno = 0;
 	tmp = strtoll(node->child->value.opaque, &endptr, 10);
-	if (tmp > INT_MAX || tmp < INT_MIN || errno != 0
-						|| strlen(endptr) > 0) {
+	if (tmp > INT_MAX || tmp < INT_MIN || *endptr) {
 		mxmlDelete(tree);
 		return -1;
 	}