From 1e37a9f7b5e8fe9353bd87f28dda39baa8d167d8 Mon Sep 17 00:00:00 2001 From: Thomas Bernard Date: Mon, 1 Jun 2020 20:14:20 +0200 Subject: [PATCH] improve parse_rule_cmp() see #459 --- miniupnpd/netfilter_nft/nftnlrdr_misc.c | 33 +++++++++++-------------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/miniupnpd/netfilter_nft/nftnlrdr_misc.c b/miniupnpd/netfilter_nft/nftnlrdr_misc.c index 9a4a5c3..2bde5ba 100644 --- a/miniupnpd/netfilter_nft/nftnlrdr_misc.c +++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.c @@ -346,12 +346,9 @@ parse_rule_payload(struct nftnl_expr *e, rule_t *r) static void parse_rule_cmp(struct nftnl_expr *e, rule_t *r) { - uint32_t data_len; - void *data_val; + uint32_t data_len = 0; + const void *data_val; uint32_t op, sreg; - uint16_t *ports; - in_addr_t *addrp; - struct in6_addr *addrp6; op = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP); 
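Review bot: The new `= 0` initializer on `data_len` is load-bearing but undocumented, and `data_val` is still declared without an initial value. If nftnl_expr_get() returns NULL without writing the length (presumably what happens when the attribute is not set; confirm against libnftnl), the zero length is the only thing that stops every `data_len == sizeof(...)` branch from dereferencing a NULL pointer. I would either say so on the declaration, e.g. `/* stays 0 if nftnl_expr_get() fails, so no size check below can match */`, or make the guard explicit right after the call with `if (data_val == NULL) return;`. The call and the switch that depend on this sit outside this hunk, further down in parse_rule_cmp().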
@@ -367,52 +364,52 @@ parse_rule_cmp(struct nftnl_expr *e, rule_t *r) return; } - data_val = (void *)nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &data_len); + data_val = nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &data_len); switch (r->reg1_type) { case RULE_REG_IIF: if (data_len == sizeof(uint32_t)) { - r->ingress_ifidx = *(uint32_t *)data_val; + r->ingress_ifidx = *(const uint32_t *)data_val; } break; case RULE_REG_IP_SRC_ADDR: if (data_len == sizeof(in_addr_t)) { - r->rhost = *(in_addr_t *)data_val; + r->rhost = *(const in_addr_t *)data_val; } break; case RULE_REG_IP6_SRC_ADDR: if (data_len == sizeof(struct in6_addr)) { - r->rhost6 = *(struct in6_addr *)data_val; + r->rhost6 = *(const struct in6_addr *)data_val; } break; case RULE_REG_IP_DEST_ADDR: if (data_len == sizeof(in_addr_t)) { if (r->type == RULE_FILTER) { - r->iaddr = *(in_addr_t *)data_val; + r->iaddr = *(const in_addr_t *)data_val; } else { - r->rhost = *(in_addr_t *)data_val; + r->rhost = *(const in_addr_t *)data_val; } } break; case RULE_REG_IP6_DEST_ADDR: if (data_len == sizeof(struct in6_addr)) { if (r->type == RULE_FILTER) { - r->iaddr6 = *(struct in6_addr *)data_val; + r->iaddr6 = *(const struct in6_addr *)data_val; } else { - r->rhost6 = *(struct in6_addr *)data_val; + r->rhost6 = *(const struct in6_addr *)data_val; } } break; case RULE_REG_IP_SD_ADDR: if (data_len == sizeof(in_addr_t) * 2) { - addrp = (in_addr_t *)data_val; + const in_addr_t *addrp = (const in_addr_t *)data_val; r->iaddr = addrp[0]; r->rhost = addrp[1]; } break; case RULE_REG_IP6_SD_ADDR: if (data_len == sizeof(struct in6_addr) * 2) { - addrp6 = (struct in6_addr *)data_val; + const struct in6_addr *addrp6 = (const struct in6_addr *)data_val; r->iaddr6 = addrp6[0]; r->rhost6 = addrp6[1]; } 
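Review bot: The typed reads in this switch, e.g. `*(const struct in6_addr *)data_val` and the `addrp[1]` / `addrp6[1]` accesses, still assume that the buffer returned by nftnl_expr_get() is suitably aligned for the target type and may legally be accessed as that type; adding `const` does not change this. The `data_len` comparisons bound the size of the read but say nothing about alignment or aliasing, and the storage behind `data_val` is not visible here. Copying the bytes out is just as short and removes the assumption, for example `memcpy(&r->rhost6, data_val, sizeof(r->rhost6));` (this needs `<string.h>` if the file does not already include it). The same pattern recurs in the proto and port cases of the next hunk, and the switch itself continues past the end of this one.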
@@ -420,17 +417,17 @@ parse_rule_cmp(struct nftnl_expr *e, rule_t *r) case RULE_REG_IP_PROTO: case RULE_REG_IP6_PROTO: if (data_len == sizeof(uint8_t)) { - r->proto = *(uint8_t *)data_val; + r->proto = *(const uint8_t *)data_val; } break; case RULE_REG_TCP_DPORT: if (data_len == sizeof(uint16_t)) { - r->eport = ntohs(*(uint16_t *)data_val); + r->eport = ntohs(*(const uint16_t *)data_val); } break; case RULE_REG_TCP_SD_PORT: if (data_len == sizeof(uint16_t) * 2) { - ports = (uint16_t *)data_val; + const uint16_t * ports = (const uint16_t *)data_val; r->eport = ntohs(ports[0]); r->rport = ntohs(ports[1]); }
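Review bot: `const uint16_t * ports` in the RULE_REG_TCP_SD_PORT case is spaced differently from the other block-scoped pointers this commit introduces (`const in_addr_t *addrp`, `const struct in6_addr *addrp6`); write it as `const uint16_t *ports = (const uint16_t *)data_val;` to match. This hunk starts and ends inside the switch of parse_rule_cmp().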