netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH libnftnl] obj: ct_timeout: setter checks for timeout array boundaries
Date: Tue, 20 Feb 2024 12:26:36 +0100
Message-ID: <20240220112636.271115-1-pablo@netfilter.org>

Use _MAX definitions for timeout attribute arrays and check that
timeout array is not larger than NFTNL_CTTIMEOUT_ARRAY_MAX.

Fixes: 0adceeab1597 ("src: add ct timeout support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/obj/ct_timeout.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c
index 65b48bda4a97..fedf9e38b7ac 100644
--- a/src/obj/ct_timeout.c
+++ b/src/obj/ct_timeout.c
@@ -21,7 +21,7 @@
 
 #include "obj.h"
 
-static const char *const tcp_state_to_name[] = {
+static const char *const tcp_state_to_name[NFTNL_CTTIMEOUT_TCP_MAX] = {
 	[NFTNL_CTTIMEOUT_TCP_SYN_SENT]		= "SYN_SENT",
 	[NFTNL_CTTIMEOUT_TCP_SYN_RECV]		= "SYN_RECV",
 	[NFTNL_CTTIMEOUT_TCP_ESTABLISHED]	= "ESTABLISHED",
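Review bot: With the explicit NFTNL_CTTIMEOUT_TCP_MAX dimension on tcp_state_to_name[], any state that has no designated initializer becomes a NULL entry instead of an index past the end of the array. The code that looks names up is not part of this hunk, so please confirm it tolerates a NULL pointer before passing it to a string formatter, or add a fallback name there.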
@@ -35,7 +35,7 @@ static const char *const tcp_state_to_name[] = {
 	[NFTNL_CTTIMEOUT_TCP_UNACK]		= "UNACKNOWLEDGED",
 };
 
-static uint32_t tcp_dflt_timeout[] = {
+static uint32_t tcp_dflt_timeout[NFTNL_CTTIMEOUT_TCP_MAX] = {
 	[NFTNL_CTTIMEOUT_TCP_SYN_SENT]		= 120,
 	[NFTNL_CTTIMEOUT_TCP_SYN_RECV]		= 60,
 	[NFTNL_CTTIMEOUT_TCP_ESTABLISHED]	= 432000,
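Review bot: tcp_dflt_timeout[] is declared `static uint32_t` while the name table next to it is `static const char *const`. If nothing writes to the defaults, declare it `static const uint32_t tcp_dflt_timeout[NFTNL_CTTIMEOUT_TCP_MAX]` while the declaration is being touched anyway, so the table lands in read-only data. The same applies to udp_dflt_timeout[] further down.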
@@ -49,12 +49,12 @@ static uint32_t tcp_dflt_timeout[] = {
 	[NFTNL_CTTIMEOUT_TCP_UNACK]		= 300,
 };
 
-static const char *const udp_state_to_name[] = {
+static const char *const udp_state_to_name[NFTNL_CTTIMEOUT_UDP_MAX] = {
 	[NFTNL_CTTIMEOUT_UDP_UNREPLIED]		= "UNREPLIED",
 	[NFTNL_CTTIMEOUT_UDP_REPLIED]		= "REPLIED",
 };
 
-static uint32_t udp_dflt_timeout[] = {
+static uint32_t udp_dflt_timeout[NFTNL_CTTIMEOUT_UDP_MAX] = {
 	[NFTNL_CTTIMEOUT_UDP_UNREPLIED]		= 30,
 	[NFTNL_CTTIMEOUT_UDP_REPLIED]		= 180,
 };
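Review bot: The per-protocol tables are now sized by NFTNL_CTTIMEOUT_TCP_MAX and NFTNL_CTTIMEOUT_UDP_MAX, while the setter copies NFTNL_CTTIMEOUT_ARRAY_MAX entries, and nothing in the patch ties the three constants together. A compile-time assertion that both protocol maxima are no larger than NFTNL_CTTIMEOUT_ARRAY_MAX would document the relationship and catch a future state being added to one enum without the other.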
@@ -156,6 +156,9 @@ static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type,
 		memcpy(&timeout->l4proto, data, sizeof(timeout->l4proto));
 		break;
 	case NFTNL_OBJ_CT_TIMEOUT_ARRAY:
+		if (data_len < sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX)
+			return -1;
+
 		memcpy(timeout->timeout, data,
 		       sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX);
 		break;
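Review bot: The check added in the NFTNL_OBJ_CT_TIMEOUT_ARRAY case rejects a data_len smaller than `sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX`, which protects the memcpy source from being read past its end, but the commit message describes it as checking that the array is "not larger than" the maximum. Please reword the message to match the code and document that callers must pass the full array length. The size expression now appears in both the check and the memcpy; hoisting it into one local or macro would keep the two from drifting apart. The l4proto memcpy in the preceding case shows no data_len check in this hunk and may deserve the same treatment.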
-- 
2.30.2

