[libnftables PATCH 1/3] nat: xml: fix xml_snprintf buffer offset

[libnftables PATCH 1/3] nat: xml: fix xml_snprintf buffer offset

[Arturo Borrero]

This patch fix the buffer offset of the nat snprintf function,
so elements are properly printed.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/nat.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/expr/nat.c b/src/expr/nat.c
index a76f5b5..448d2e3 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -336,19 +336,21 @@ nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
 		break;
 	}
 
-	ret = snprintf(buf, len, "<family>%s</family>",
+	ret = snprintf(buf+offset, len, "<family>%s</family>",
 		       nat->family == AF_INET ? "AF_INET" : "AF_INET6");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
-		ret = snprintf(buf, len, "<sreg_addr_min_v4>%u</sreg_addr_min_v4>"
-				" <sreg_addr_max_v4>%u</sreg_addr_max_v4> ",
+		ret = snprintf(buf+offset, len,
+				"<sreg_addr_min_v4>%u</sreg_addr_min_v4>"
+				"<sreg_addr_max_v4>%u</sreg_addr_max_v4>",
 			       nat->sreg_addr_min, nat->sreg_addr_max);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
 	if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) {
-		ret = snprintf(buf, len, "<sreg_proto_min>%u</sreg_proto_min>"
+		ret = snprintf(buf+offset, len,
+				"<sreg_proto_min>%u</sreg_proto_min>"
 				"<sreg_proto_max>%u</sreg_proto_max>",
 		       nat->sreg_proto_min, nat->sreg_proto_max);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);

[libnftables PATCH 2/3] nat: xml: fix non-mandatory element

[Arturo Borrero]

If the node isn't present, this produces segfault.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/nat.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/expr/nat.c b/src/expr/nat.c
index cd38e83..a76f5b5 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -258,7 +258,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 	/* Get and set <sreg_addr_min_v4>. Not mandatory */
 	node = mxmlFindElement(tree, tree, "sreg_addr_min_v4", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
+	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
 		if (tmp > UINT32_MAX || tmp < 0 || *endptr)
 			goto err;
@@ -270,7 +270,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 	/* Get and set <sreg_addr_max_v4>. Not mandatory */
 	node = mxmlFindElement(tree, tree, "sreg_addr_max_v4", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
+	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
 		if (tmp > UINT32_MAX || tmp < 0 || *endptr)
 			goto err;
@@ -282,7 +282,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 	/* Get and set <sreg_proto_min>. Not mandatory */
 	node = mxmlFindElement(tree, tree, "sreg_proto_min", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
+	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
 		if (tmp > UINT32_MAX || tmp < 0 || *endptr)
 			goto err;
@@ -294,7 +294,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 	/* Get and set <sreg_proto_max>. Not mandatory */
 	node = mxmlFindElement(tree, tree, "sreg_proto_max", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
+	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
 		if (tmp > UINT32_MAX || tmp < 0 || *endptr)
 			goto err;

[libnftables PATCH 3/3] rule: xml: delete trailing space

[Arturo Borrero]

This patch fix a trailing space in rule xml_snprintf.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/rule.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/rule.c b/src/rule.c
index 99ad50c..1609cc3 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -654,7 +654,7 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
 
 	ret = snprintf(buf, size,
 		"<rule family=\"%u\" table=\"%s\" "
-			"chain=\"%s\" handle=\"%llu\" version=\"%d\"> ",
+			"chain=\"%s\" handle=\"%llu\" version=\"%d\">",
 				r->family, r->table, r->chain,
 				(unsigned long long)r->handle,
 				NFT_RULE_XML_VERSION);

Re: [libnftables PATCH 1/3] nat: xml: fix xml_snprintf buffer offset

[Pablo Neira Ayuso]

On Sat, Jun 15, 2013 at 03:16:03AM +0200, Arturo Borrero wrote:
> This patch fix the buffer offset of the nat snprintf function,
> so elements are properly printed.

Applied, thanks.

I would like to have more XML test in this tree.

Instead of the current .sh scripts, we should have a large list of
.xml files under libnftables/test/ with the different compositions
that we support.

Then, you can make a script that iterates over the list of existing
.xml files in that directory and it stops if the test fails.

Re: [libnftables PATCH 2/3] nat: xml: fix non-mandatory element

[Pablo Neira Ayuso]

On Sat, Jun 15, 2013 at 03:16:10AM +0200, Arturo Borrero wrote:
> If the node isn't present, this produces segfault.

Also applied.

Re: [libnftables PATCH 3/3] rule: xml: delete trailing space

[Pablo Neira Ayuso]

On Sat, Jun 15, 2013 at 03:16:15AM +0200, Arturo Borrero wrote:
> This patch fix a trailing space in rule xml_snprintf.

Applied, thanks.