* re: netfilter: nf_tables: add compatibility layer for x_tables
@ 2013-11-04 12:58 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2013-11-04 12:58 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel
Hello Pablo Neira Ayuso,
The patch 0ca743a55991: "netfilter: nf_tables: add compatibility
layer for x_tables" from Oct 14, 2013, leads to the following Smatch
warning: "net/netfilter/nft_compat.c:140 nft_parse_compat()
warn: signedness bug returning '(-34)'"
net/netfilter/nft_compat.c
131 static u8 nft_parse_compat(const struct nlattr *attr, bool *inv)
132 {
133 struct nlattr *tb[NFTA_RULE_COMPAT_MAX+1];
134 u32 flags;
135 int err;
136
137 err = nla_parse_nested(tb, NFTA_RULE_COMPAT_MAX, attr,
138 nft_rule_compat_policy);
139 if (err < 0)
140 return err;
^^^^^^^^^^
141
142 if (!tb[NFTA_RULE_COMPAT_PROTO] || !tb[NFTA_RULE_COMPAT_FLAGS])
143 return -EINVAL;
^^^^^^^^^^^^^^^
144
145 flags = ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_FLAGS]));
146 if (flags & ~NFT_RULE_COMPAT_F_MASK)
147 return -EINVAL;
^^^^^^^^^^^^^^^
148 if (flags & NFT_RULE_COMPAT_F_INV)
149 *inv = true;
150
151 return ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO]));
152 }
This function returns error codes but the return type is u8 so the error
codes are transformed into small positive values. The callers don't
check the return.
regards,
dan carpenter
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-11-04 13:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-11-04 12:58 netfilter: nf_tables: add compatibility layer for x_tables Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).