From 947195e8e7adf0120222f5e15d0a2d2ed2895031 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Mon, 22 Jul 2019 17:34:26 +0200
Subject: [PATCH] trace: Check return value of mnl_attr_parse_nested()
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
Upstream Status: libnftnl commit 57f85977ed72e
commit 57f85977ed72ee3d623bbc2391d503f8a7e72c5d
Author: Phil Sutter <phil@nwl.cc>
Date: Thu Dec 14 20:40:25 2017 +0100
trace: Check return value of mnl_attr_parse_nested()
This is done everywhere else as well, so certainly not a bad thing here
either.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/trace.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/trace.c b/src/trace.c
index bd05d3c..b016e72 100644
--- a/src/trace.c
+++ b/src/trace.c
@@ -301,7 +301,8 @@ static int nftnl_trace_parse_verdict(const struct nlattr *attr,
{
struct nlattr *tb[NFTA_VERDICT_MAX+1];
- mnl_attr_parse_nested(attr, nftnl_trace_parse_verdict_cb, tb);
+ if (mnl_attr_parse_nested(attr, nftnl_trace_parse_verdict_cb, tb) < 0)
+ return -1;
if (!tb[NFTA_VERDICT_CODE])
abi_breakage();
--
1.8.3.1