From 947195e8e7adf0120222f5e15d0a2d2ed2895031 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Mon, 22 Jul 2019 17:34:26 +0200
Subject: [PATCH] trace: Check return value of mnl_attr_parse_nested()

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
Upstream Status: libnftnl commit 57f85977ed72e

commit 57f85977ed72ee3d623bbc2391d503f8a7e72c5d
Author: Phil Sutter <phil@nwl.cc>
Date:   Thu Dec 14 20:40:25 2017 +0100

    trace: Check return value of mnl_attr_parse_nested()

    This is done everywhere else as well, so certainly not a bad thing here
    either.

    Signed-off-by: Phil Sutter <phil@nwl.cc>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/trace.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/trace.c b/src/trace.c
index bd05d3c..b016e72 100644
--- a/src/trace.c
+++ b/src/trace.c
@@ -301,7 +301,8 @@ static int nftnl_trace_parse_verdict(const struct nlattr *attr,
 {
 	struct nlattr *tb[NFTA_VERDICT_MAX+1];
 
-	mnl_attr_parse_nested(attr, nftnl_trace_parse_verdict_cb, tb);
+	if (mnl_attr_parse_nested(attr, nftnl_trace_parse_verdict_cb, tb) < 0)
+		return -1;
 
 	if (!tb[NFTA_VERDICT_CODE])
 		abi_breakage();
-- 
1.8.3.1