From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Thomas Haller <thaller@redhat.com>
Cc: NetFilter <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nft 5/5] datatype: check against negative "type" argument in datatype_lookup()
Date: Wed, 30 Aug 2023 10:23:55 +0200
Message-ID: <ZO78m/9YMRtk0oY/@calendula>
In-Reply-To: <29aee24e1fb3e7b273b48ee3d735f182c62a0d92.camel@redhat.com>

On Wed, Aug 30, 2023 at 10:08:50AM +0200, Thomas Haller wrote:
[...]
> I don't think it suffices. The following fail the assertion (or would
> access out of bounds).
>
>
> diff --git c/include/datatype.h i/include/datatype.h
> index 9ce7359cd340..7d3b6b20d27c 100644
> --- c/include/datatype.h
> +++ i/include/datatype.h
> @@ -98,7 +98,8 @@ enum datatypes {
> TYPE_TIME_HOUR,
> TYPE_TIME_DAY,
> TYPE_CGROUPV2,
> - __TYPE_MAX
> + __TYPE_MAX,
> + __TYPE_FORCE_SIGNED = -1,
I don't expect to ever have a negative defined here.
> };
> #define TYPE_MAX (__TYPE_MAX - 1)
>
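Review bot: `__TYPE_FORCE_SIGNED = -1,` at the end of `enum datatypes` has no comment, and going by its name it exists to force a signed underlying type, which affects every user of `enum datatypes` and not only `datatype_lookup()`. If it is only there to reproduce the failure, say so in a comment and keep it out of the shared header; if it is meant to stay, document why the enum has to be signed.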
> diff --git c/src/datatype.c i/src/datatype.c
> index ba1192c83595..1ff8a4a08551 100644
> --- c/src/datatype.c
> +++ i/src/datatype.c
> @@ -89,6 +89,7 @@ const struct datatype *datatype_lookup(enum datatypes
> type)
>
> if (type > TYPE_MAX)
> return NULL;
> + assert(type != (enum datatypes) -1);
> return datatypes[type];
> }
>
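Review bot: the added `assert(type != (enum datatypes) -1);` rejects only the single value -1, so any other negative `type` that passes `if (type > TYPE_MAX)` still reaches `datatypes[type]`, and an assert gives no protection in a build with NDEBUG defined. Folding the lower bound into the existing early return, for example `if ((unsigned int)type > (unsigned int)TYPE_MAX) return NULL;`, would cover every negative value without depending on the signedness of the enum.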
> diff --git c/src/libnftables.c i/src/libnftables.c
> index 9c802ec95f27..7e60d1a18d39 100644
> --- c/src/libnftables.c
> +++ i/src/libnftables.c
> @@ -203,6 +203,8 @@ struct nft_ctx *nft_ctx_new(uint32_t flags)
> #endif
> }
>
> + datatype_lookup(-1);
> +
> ctx = xzalloc(sizeof(struct nft_ctx));
> nft_init(ctx);
>
>
>
>
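Review bot: `datatype_lookup(-1);` in `nft_ctx_new()` runs unconditionally and discards the return value, so together with the assert added in `src/datatype.c` every context creation would hit the assertion. This reads as a reproducer; it belongs in a test case rather than in the library's constructor path, with a comment stating what it demonstrates.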
> If you expect that "type" is always valid, then there is no need to
> check against >TYPE_MAX. If you expect that it might be invalid, it
> seems prudent to also check against negative values.
>
>
>
> Thomas
>
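The point argued in the quoted text, that an upper-bound check alone lets a negative index through once the enum is signed, shown as an added example that is not part of the original message or of the nftables source. The enum, table and function names are hypothetical stand-ins, and the unsigned-cast range check is one common way to cover both bounds, not necessarily what the project adopted.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-in for an enum used as an array index; all names here
 * are hypothetical and not taken from nftables. */
enum dtype {
	DT_INVALID,
	DT_INTEGER,
	DT_STRING,
	DT_END,
	DT_FORCE_SIGNED = -1,	/* negative enumerator: the enum needs a signed type */
};
#define DT_MAX (DT_END - 1)

static const char *const dtype_names[DT_MAX + 1] = {
	[DT_INVALID] = "invalid",
	[DT_INTEGER] = "integer",
	[DT_STRING]  = "string",
};

/* Upper-bound-only test: returns 1 when the value would be used as an index. */
static int upper_bound_only_accepts(enum dtype type)
{
	return !(type > DT_MAX);
}

/* Converting to unsigned maps every negative value above DT_MAX, so one
 * comparison rejects both ends whatever signedness the compiler picked. */
static const char *dtype_lookup(enum dtype type)
{
	if ((unsigned int)type > (unsigned int)DT_MAX)
		return NULL;
	return dtype_names[type];
}

int main(void)
{
	enum dtype bad = (enum dtype)-1;

	printf("upper-bound-only accepts -1: %d\n", upper_bound_only_accepts(bad));
	printf("dtype_lookup(-1): %s\n", dtype_lookup(bad) ? "found" : "NULL");
	printf("dtype_lookup(DT_STRING): %s\n", dtype_lookup(DT_STRING));
	return 0;
}
```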

Thread overview: 12+ messages
2023-08-29 18:54 [PATCH nft 0/5] fix compiler warnings with clang and "-Wextra" Thomas Haller
2023-08-29 18:54 ` [PATCH nft 1/5] rule: fix "const static" declaration Thomas Haller
2023-08-29 18:54 ` [PATCH nft 2/5] utils: call abort() after BUG() macro Thomas Haller
2023-08-29 18:54 ` [PATCH nft 3/5] src: silence "implicit-fallthrough" warnings Thomas Haller
2023-08-29 18:54 ` [PATCH nft 4/5] xt: avoid "-Wmissing-field-initializers" for "original_opts" Thomas Haller
2023-08-29 18:54 ` [PATCH nft 5/5] datatype: check against negative "type" argument in datatype_lookup() Thomas Haller
2023-08-29 19:10 ` Pablo Neira Ayuso
2023-08-29 19:14 ` Pablo Neira Ayuso
2023-08-29 19:58 ` Thomas Haller
2023-08-30 7:46 ` Pablo Neira Ayuso
2023-08-30 8:08 ` Thomas Haller
2023-08-30 8:23 ` Pablo Neira Ayuso [this message]