[nft]: fix some bugs of return value

[nft]: fix some bugs of return value

[Linmujia]

[-- Attachment #1: Type: text/plain, Size: 2322 bytes --]


linmujia - Nov. 24, 2015, 04:03 p.m.

Signed-off-by: linmujia <linmujia@huawei.com>
---
hello ,i reviewed nftables code and found some bugs of return value.

Thanks!



Patch

diff --git a/src/netlink.c b/src/netlink.c
index 974afb1..c555621 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -307,6 +307,8 @@ static void netlink_gen_verdict(const struct expr *expr,
 		strncpy(data->chain, expr->chain, NFT_CHAIN_MAXNAMELEN);
 		data->chain[NFT_CHAIN_MAXNAMELEN-1] = '\0';
 		break;
+	default:
+		BUG("invalid verdict value %u\n", expr->verdict);
 	}
 }
 
@@ -467,7 +469,7 @@ static int list_rule_cb(struct nftnl_rule *nlr, void *arg)
 	if (h->family != family ||
 	    strcmp(table, h->table) != 0 ||
 	    (h->chain && strcmp(chain, h->chain) != 0))
-		return 0;
+		return -1;
 
 	netlink_dump_rule(nlr);
 	rule = netlink_delinearize_rule(ctx, nlr);
diff --git a/src/rule.c b/src/rule.c
index 5d3cd84..9d6d945 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -930,7 +930,7 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
-	return 0;
+	return -1;
 }
 
 static int do_command_replace(struct netlink_ctx *ctx, struct cmd *cmd)
@@ -942,7 +942,7 @@ static int do_command_replace(struct netlink_ctx *ctx, struct cmd *cmd)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
-	return 0;
+	return -1;
 }
 
 static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd)
@@ -954,7 +954,7 @@ static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
-	return 0;
+	return -1;
 }
 
 static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
@@ -974,6 +974,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
+    return -1;
 }
 
 static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd)
@@ -1258,6 +1259,7 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
+	return -1;
 }
 
 static int payload_match_stmt_cmp(const void *p1, const void *p2)



[-- Attachment #2: p001.patch --]
[-- Type: application/octet-stream, Size: 2059 bytes --]

diff --git a/src/netlink.c b/src/netlink.c
index 974afb1..c555621 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -307,6 +307,8 @@ static void netlink_gen_verdict(const struct expr *expr,
 		strncpy(data->chain, expr->chain, NFT_CHAIN_MAXNAMELEN);
 		data->chain[NFT_CHAIN_MAXNAMELEN-1] = '\0';
 		break;
+	default:
+		BUG("invalid verdict value %u\n", expr->verdict);
 	}
 }
 
@@ -467,7 +469,7 @@ static int list_rule_cb(struct nftnl_rule *nlr, void *arg)
 	if (h->family != family ||
 	    strcmp(table, h->table) != 0 ||
 	    (h->chain && strcmp(chain, h->chain) != 0))
-		return 0;
+		return -1;
 
 	netlink_dump_rule(nlr);
 	rule = netlink_delinearize_rule(ctx, nlr);
diff --git a/src/rule.c b/src/rule.c
index 5d3cd84..9d6d945 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -930,7 +930,7 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
-	return 0;
+	return -1;
 }
 
 static int do_command_replace(struct netlink_ctx *ctx, struct cmd *cmd)
@@ -942,7 +942,7 @@ static int do_command_replace(struct netlink_ctx *ctx, struct cmd *cmd)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
-	return 0;
+	return -1;
 }
 
 static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd)
@@ -954,7 +954,7 @@ static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
-	return 0;
+	return -1;
 }
 
 static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
@@ -974,6 +974,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
+    return -1;
 }
 
 static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd)
@@ -1258,6 +1259,7 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd)
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
+	return -1;
 }
 
 static int payload_match_stmt_cmp(const void *p1, const void *p2)

Re: [nft]: fix some bugs of return value

[Pablo Neira Ayuso]

On Tue, Nov 24, 2015 at 09:00:21AM +0000, Linmujia wrote:
> 
> linmujia - Nov. 24, 2015, 04:03 p.m.
> 
> Signed-off-by: linmujia <linmujia@huawei.com>
> ---
> hello ,i reviewed nftables code and found some bugs of return value.
> 
> Thanks!
> 
> 
> 
> Patch
> 
> diff --git a/src/netlink.c b/src/netlink.c
> index 974afb1..c555621 100644
> --- a/src/netlink.c
> +++ b/src/netlink.c
> @@ -307,6 +307,8 @@ static void netlink_gen_verdict(const struct expr *expr,
>  		strncpy(data->chain, expr->chain, NFT_CHAIN_MAXNAMELEN);
>  		data->chain[NFT_CHAIN_MAXNAMELEN-1] = '\0';
>  		break;
> +	default:
> +		BUG("invalid verdict value %u\n", expr->verdict);
>  	}
>  }
>  
> @@ -467,7 +469,7 @@ static int list_rule_cb(struct nftnl_rule *nlr, void *arg)
>  	if (h->family != family ||
>  	    strcmp(table, h->table) != 0 ||
>  	    (h->chain && strcmp(chain, h->chain) != 0))
> -		return 0;
> +		return -1;

I'm not sure I understand your intention, but this is not OK.

The iteration stops if we return -1, if we return 0 we keep iterating
over the list of objects to find a matching.