@@ -34,8 +34,6 @@ nftnl_obj_counter_set(struct nftnl_obj *e, uint16_t type,
case NFTNL_OBJ_CTR_PKTS:
memcpy(&ctr->pkts, data, sizeof(ctr->pkts));
break;
- default:
- return -1;
}
return 0;
}
@@ -35,8 +35,6 @@ static int nftnl_obj_ct_expect_set(struct nftnl_obj *e, uint16_t type,
case NFTNL_OBJ_CT_EXPECT_SIZE:
memcpy(&exp->size, data, sizeof(exp->size));
break;
- default:
- return -1;
}
return 0;
}
@@ -37,8 +37,6 @@ static int nftnl_obj_ct_helper_set(struct nftnl_obj *e, uint16_t type,
case NFTNL_OBJ_CT_HELPER_L4PROTO:
memcpy(&helper->l4proto, data, sizeof(helper->l4proto));
break;
- default:
- return -1;
}
return 0;
}
@@ -162,8 +162,6 @@ static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type,
memcpy(timeout->timeout, data,
sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX);
break;
- default:
- return -1;
}
return 0;
}
@@ -42,8 +42,6 @@ static int nftnl_obj_limit_set(struct nftnl_obj *e, uint16_t type,
case NFTNL_OBJ_LIMIT_FLAGS:
memcpy(&limit->flags, data, sizeof(limit->flags));
break;
- default:
- return -1;
}
return 0;
}
@@ -36,8 +36,6 @@ static int nftnl_obj_quota_set(struct nftnl_obj *e, uint16_t type,
case NFTNL_OBJ_QUOTA_FLAGS:
memcpy("a->flags, data, sizeof(quota->flags));
break;
- default:
- return -1;
}
return 0;
}
@@ -30,8 +30,6 @@ static int nftnl_obj_secmark_set(struct nftnl_obj *e, uint16_t type,
case NFTNL_OBJ_SECMARK_CTX:
snprintf(secmark->ctx, sizeof(secmark->ctx), "%s", (const char *)data);
break;
- default:
- return -1;
}
return 0;
}
@@ -27,8 +27,6 @@ static int nftnl_obj_synproxy_set(struct nftnl_obj *e, uint16_t type,
case NFTNL_OBJ_SYNPROXY_FLAGS:
memcpy(&synproxy->flags, data, data_len);
break;
- default:
- return -1;
}
return 0;
}
@@ -76,8 +76,6 @@ nftnl_obj_tunnel_set(struct nftnl_obj *e, uint16_t type,
case NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR:
memcpy(&tun->u.tun_erspan.u.v2.dir, data, sizeof(tun->u.tun_erspan.u.v2.dir));
break;
- default:
- return -1;
}
return 0;
}
@@ -149,7 +149,9 @@ int nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
obj->user.len = data_len;
break;
default:
- if (!obj->ops)
+ if (!obj->ops ||
+ attr < NFTNL_OBJ_BASE ||
+ attr > obj->ops->nftnl_max_attr)
return -1;
if (obj->ops->set(obj, attr, data, data_len) < 0)
Refer to obj_ops::nftnl_max_attr field value for the maximum supported attribute value to reject invalid ones upfront. Consequently drop default cases from callbacks' switches which handle all supported attributes. Signed-off-by: Phil Sutter <phil@nwl.cc> --- src/obj/counter.c | 2 -- src/obj/ct_expect.c | 2 -- src/obj/ct_helper.c | 2 -- src/obj/ct_timeout.c | 2 -- src/obj/limit.c | 2 -- src/obj/quota.c | 2 -- src/obj/secmark.c | 2 -- src/obj/synproxy.c | 2 -- src/obj/tunnel.c | 2 -- src/object.c | 4 +++- 10 files changed, 3 insertions(+), 19 deletions(-)