All of lore.kernel.org
 help / color / mirror / Atom feed
* [nft PATCH] evaluate: Reject set references in mapping LHS
@ 2019-10-31 18:21 Phil Sutter
  2019-11-12 21:45 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 6+ messages in thread
From: Phil Sutter @ 2019-10-31 18:21 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

This wasn't explicitly caught before causing a program abort:

| BUG: invalid range expression type set reference
| nft: expression.c:1162: range_expr_value_low: Assertion `0' failed.
| zsh: abort      sudo ./install/sbin/nft add rule t c meta mark set tcp dport map '{ @s : 23 }

With this patch in place, the error message is way more descriptive:

| Error: Key can't be set reference
| add rule t c meta mark set tcp dport map { @s : 23 }
|                                            ^^

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/evaluate.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/evaluate.c b/src/evaluate.c
index 81230fc7f4be4..500780aeae243 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1456,6 +1456,10 @@ static int expr_evaluate_mapping(struct eval_ctx *ctx, struct expr **expr)
 	if (!expr_is_constant(mapping->left))
 		return expr_error(ctx->msgs, mapping->left,
 				  "Key must be a constant");
+	if (mapping->left->etype == EXPR_SET_ELEM &&
+	    mapping->left->key->etype == EXPR_SET_REF)
+		return expr_error(ctx->msgs, mapping->left,
+				  "Key can't be set reference");
 	mapping->flags |= mapping->left->flags & EXPR_F_SINGLETON;
 
 	expr_set_context(&ctx->ectx, set->datatype, set->datalen);
-- 
2.23.0


^ permalink raw reply related	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-11-14 10:52 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-31 18:21 [nft PATCH] evaluate: Reject set references in mapping LHS Phil Sutter
2019-11-12 21:45 ` Pablo Neira Ayuso
2019-11-12 22:18   ` Phil Sutter
2019-11-13 10:10     ` Phil Sutter
2019-11-13 23:10       ` Pablo Neira Ayuso
2019-11-14 10:52         ` Phil Sutter

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.