From patchwork Wed Jun 26 11:37:09 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arturo Borrero X-Patchwork-Id: 254711 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 8CA8F2C0085 for ; Wed, 26 Jun 2013 21:37:27 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752049Ab3FZLhW (ORCPT ); Wed, 26 Jun 2013 07:37:22 -0400 Received: from smtp3.cica.es ([150.214.5.190]:54687 "EHLO smtp.cica.es" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752032Ab3FZLhR (ORCPT ); Wed, 26 Jun 2013 07:37:17 -0400 Received: from localhost (unknown [127.0.0.1]) by smtp.cica.es (Postfix) with ESMTP id DEB5051ED32; Wed, 26 Jun 2013 11:37:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at cica.es Received: from smtp.cica.es ([127.0.0.1]) by localhost (mail.cica.es [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZwNAxAyr1d5Q; Wed, 26 Jun 2013 13:37:11 +0200 (CEST) Received: from nfdev.cica.es (nfdev.cica.es [IPv6:2a00:9ac0:c1ca:31::220]) by smtp.cica.es (Postfix) with ESMTP id 9968451ED25; Wed, 26 Jun 2013 13:37:11 +0200 (CEST) Subject: [libnftables PATCH 11/21] exthdr: xml: fix mandatory elements To: netfilter-devel@vger.kernel.org 
From: Arturo Borrero Gonzalez Cc: pablo@netfilter.org Date: Wed, 26 Jun 2013 13:37:09 +0200 Message-ID: <20130626113709.23511.24896.stgit@nfdev.cica.es> In-Reply-To: <20130626113509.23511.14359.stgit@nfdev.cica.es> References: <20130626113509.23511.14359.stgit@nfdev.cica.es> User-Agent: StGit/0.15 MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org According to net/netfilter/nft_exthdr.c: nft_exthdr_init(), all of dreg, type, offset and len are mandatory: if (tb[NFTA_EXTHDR_DREG] == NULL || tb[NFTA_EXTHDR_TYPE] == NULL || tb[NFTA_EXTHDR_OFFSET] == NULL || tb[NFTA_EXTHDR_LEN] == NULL) return -EINVAL; So the XML parser must make sure the equivalent nodes exists. Signed-off-by: Arturo Borrero Gonzalez --- src/expr/exthdr.c | 95 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 55 insertions(+), 40 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index 7e16878..762facd 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c 
@@ -195,64 +195,79 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml) return -1; } - /* Get and set . Not mandatory */ + /* All nodes are mandatory */ + + /* Get and set */ node = mxmlFindElement(tree, tree, "dreg", NULL, NULL, MXML_DESCEND_FIRST); - if (node != NULL) { - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT32_MAX || tmp < 0 || *endptr) { - mxmlDelete(tree); - return -1; - } + if (node == NULL) { + mxmlDelete(tree); + return -1; + } - if (tmp > NFT_REG_MAX) { - mxmlDelete(tree); - return -1; - } + tmp = strtoull(node->child->value.opaque, &endptr, 10); + if (tmp > UINT32_MAX || tmp < 0 || *endptr) { + mxmlDelete(tree); + return -1; + } - exthdr->dreg = tmp; - e->flags |= (1 << NFT_EXPR_EXTHDR_DREG); + if (tmp > NFT_REG_MAX) { + mxmlDelete(tree); + return -1; } - /* Get and set . Not mandatory */ + exthdr->dreg = tmp; + e->flags |= (1 << NFT_EXPR_EXTHDR_DREG); + + /* Get and set */ node = mxmlFindElement(tree, tree, "type", NULL, NULL, MXML_DESCEND); - if (node != NULL) { - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT8_MAX || tmp < 0 || *endptr) { - mxmlDelete(tree); - return -1; - } + if (node == NULL) { + mxmlDelete(tree); + return -1; + } - exthdr->type = tmp; - e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE); + tmp = strtoull(node->child->value.opaque, &endptr, 10); + if (tmp > UINT8_MAX || tmp < 0 || *endptr) { + mxmlDelete(tree); + return -1; } - /* Get and set . 
Not mandatory */ + exthdr->type = tmp; + e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE); + + /* Get and set */ node = mxmlFindElement(tree, tree, "offset", NULL, NULL, MXML_DESCEND); - if (node != NULL) { - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT_MAX || tmp < 0 || *endptr) { - mxmlDelete(tree); - return -1; - } + if (node == NULL) { + mxmlDelete(tree); + return -1; + } - exthdr->offset = tmp; - e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET); + tmp = strtoull(node->child->value.opaque, &endptr, 10); + if (tmp > UINT_MAX || tmp < 0 || *endptr) { + mxmlDelete(tree); + return -1; } - /* Get and set . Not mandatory */ + exthdr->offset = tmp; + e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET); + + /* Get and set */ node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND); - if (node != NULL) { - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT_MAX || tmp < 0 || *endptr) { - mxmlDelete(tree); - return -1; - } + if (node == NULL) { + mxmlDelete(tree); + return -1; + } - exthdr->len = tmp; - e->flags |= (1 << NFT_EXPR_EXTHDR_LEN); + tmp = strtoull(node->child->value.opaque, &endptr, 10); + if (tmp > UINT_MAX || tmp < 0 || *endptr) { + mxmlDelete(tree); + return -1; } + + exthdr->len = tmp; + e->flags |= (1 << NFT_EXPR_EXTHDR_LEN); + mxmlDelete(tree); return 0; #else
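Review bot: The new `node == NULL` guards in all four blocks (dreg, type, offset, len) still leave `node->child->value.opaque` dereferenced without a check, so an element that is present but empty (no child node) would presumably crash the parser on malformed XML; each guard should read `if (node == NULL || node->child == NULL) {`. An empty text value also passes validation, because strtoull() then returns 0 and leaves `*endptr` at the terminating NUL; adding `endptr == node->child->value.opaque` to each rejection condition would make a mandatory element also require an actual number. The `tmp < 0` term looks dead if `tmp` is an unsigned 64-bit variable, but its declaration is outside the hunk, as are the start and end of nft_rule_expr_exthdr_xml_parse(). As a style point, the eight repeated `mxmlDelete(tree); return -1;` pairs could be folded into a single error label so the cleanup lives in one place.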