From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_PASS,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C3290C04E53 for ; Wed, 15 May 2019 12:21:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 97DED20578 for ; Wed, 15 May 2019 12:21:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727371AbfEOMVT (ORCPT ); Wed, 15 May 2019 08:21:19 -0400 Received: from orbyte.nwl.cc ([151.80.46.58]:50516 "EHLO orbyte.nwl.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726982AbfEOK6v (ORCPT ); Wed, 15 May 2019 06:58:51 -0400 Received: from n0-1 by orbyte.nwl.cc with local (Exim 4.91) (envelope-from ) id 1hQrcY-0002KL-33; Wed, 15 May 2019 12:58:50 +0200 Date: Wed, 15 May 2019 12:58:50 +0200 From: Phil Sutter To: Fernando Fernandez Mancera Cc: netfilter-devel@vger.kernel.org Subject: Re: [PATCH 2/2 nft] jump: Allow goto and jump to a variable using nft input files Message-ID: <20190515105850.GA4851@orbyte.nwl.cc> Mail-Followup-To: Phil Sutter , Fernando Fernandez Mancera , netfilter-devel@vger.kernel.org References: <20190514211340.913-1-ffmancera@riseup.net> <20190514211340.913-2-ffmancera@riseup.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190514211340.913-2-ffmancera@riseup.net> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Hey, On Tue, May 14, 2019 at 11:13:40PM +0200, Fernando Fernandez Mancera wrote: [...] > diff --git a/src/datatype.c b/src/datatype.c > index 6aaf9ea..7e9ec5e 100644 > --- a/src/datatype.c > +++ b/src/datatype.c > @@ -297,11 +297,22 @@ static void verdict_type_print(const struct expr *expr, struct output_ctx *octx) > } > } > > +static struct error_record *verdict_type_parse(const struct expr *sym, > + struct expr **res) > +{ > + *res = constant_expr_alloc(&sym->location, &string_type, > + BYTEORDER_HOST_ENDIAN, > + (strlen(sym->identifier) + 1) * BITS_PER_BYTE, > + sym->identifier); > + return NULL; > +} One more thing: The above lacks error checking of any kind. I *think* this is the place where one should make sure the symbol expression is actually a string (but I'm not quite sure how you do that). In any case, please try to exploit that variable support in the testcase (or maybe a separate one), just to make sure we don't allow weird things. Thanks, Phil