* [PATCH nft 1/2] intervals: fix crash when trying to remove element in empty set
@ 2022-06-23 18:09 Pablo Neira Ayuso
  2022-06-23 18:09 ` [PATCH nft 2/2] intervals: check for EXPR_F_REMOVE in case of element mismatch Pablo Neira Ayuso
  2022-06-27 10:38 ` [PATCH nft 1/2] intervals: fix crash when trying to remove element in empty set Pablo Neira Ayuso
  0 siblings, 2 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2022-06-23 18:09 UTC (permalink / raw)
  To: netfilter-devel

The set deletion routine expects an initialized set, otherwise it crashes.

Fixes: 3e8d934e4f72 ("intervals: support to partial deletion with automerge")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/intervals.c                     |  6 +++++-
 tests/shell/testcases/sets/errors_0 | 14 ++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100755 tests/shell/testcases/sets/errors_0

diff --git a/src/intervals.c b/src/intervals.c
index dcc06d18d594..c21b3ee0ad60 100644
--- a/src/intervals.c
+++ b/src/intervals.c
@@ -475,7 +475,11 @@ int set_delete(struct list_head *msgs, struct cmd *cmd, struct set *set,
 	if (set->automerge)
 		automerge_delete(msgs, set, init, debug_mask);
 
-	set_to_range(existing_set->init);
+	if (existing_set->init) {
+		set_to_range(existing_set->init);
+	} else {
+		existing_set->init = set_expr_alloc(&internal_location, set);
+	}
 
 	list_splice_init(&init->expressions, &del_list);
 
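Review bot: In the new else branch the replacement expression is stored in existing_set->init but allocated with set as the argument to set_expr_alloc(). If the two can differ at this point, existing_set looks like the intended owner; if they cannot, a one-line comment saying so would help. A short comment on when existing_set->init is NULL (per the commit message, a set that was never initialized) would also explain why set_to_range() is skipped there. Both branches are single statements, so the braces can go if the file follows kernel coding style.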
diff --git a/tests/shell/testcases/sets/errors_0 b/tests/shell/testcases/sets/errors_0
new file mode 100755
index 000000000000..2960b694c67c
--- /dev/null
+++ b/tests/shell/testcases/sets/errors_0
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table ip x {
+	set y {
+		type ipv4_addr
+		flags interval
+	}
+}
+
+delete element ip x y { 2.3.4.5 }"
+
+$NFT -f - <<< $RULESET || exit 0
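Review bot: The last line, `$NFT -f - <<< $RULESET || exit 0`, makes this test pass on every outcome: a failing nft exits 0 through `|| exit 0`, and a succeeding nft falls off the end of the script with status 0. A process killed by a signal also returns non-zero, so a crash is treated the same as a clean error and the test would not have caught the bug this patch fixes. Consider checking the status explicitly, failing on 0 and on values above 128 (death by signal), and quoting the here-string as "$RULESET".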
-- 
2.30.2



* [PATCH nft 2/2] intervals: check for EXPR_F_REMOVE in case of element mismatch
  2022-06-23 18:09 [PATCH nft 1/2] intervals: fix crash when trying to remove element in empty set Pablo Neira Ayuso
@ 2022-06-23 18:09 ` Pablo Neira Ayuso
  2022-06-27 10:38 ` [PATCH nft 1/2] intervals: fix crash when trying to remove element in empty set Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2022-06-23 18:09 UTC (permalink / raw)
  To: netfilter-devel

If auto-merge is disabled and the element to be deleted finds no exact
match, then bail out.

Fixes: 3e8d934e4f72 ("intervals: support to partial deletion with automerge")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/intervals.c                     |  4 ++++
 tests/shell/testcases/sets/errors_0 | 20 ++++++++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/intervals.c b/src/intervals.c
index c21b3ee0ad60..13009ca1b888 100644
--- a/src/intervals.c
+++ b/src/intervals.c
@@ -421,6 +421,10 @@ static int setelem_delete(struct list_head *msgs, struct set *set,
 			expr_error(msgs, i, "element does not exist");
 			err = -1;
 			goto err;
+		} else if (i->flags & EXPR_F_REMOVE) {
+			expr_error(msgs, i, "element does not exist");
+			err = -1;
+			goto err;
 		}
 		prev = NULL;
 	}
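Review bot: The added `else if (i->flags & EXPR_F_REMOVE)` branch repeats the three-line body of the branch above it verbatim (same expr_error() text, same err = -1, same goto err), so the condition could be folded into the preceding test with `||` instead of duplicating the error path. The commit message ties this to auto-merge being disabled, but the added condition tests only EXPR_F_REMOVE; if the auto-merge check is implied by the surrounding code not shown in this hunk, a brief comment would make that clear. If the two cases are meant to be distinguishable to the user, a different message for the mismatch case would help.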
diff --git a/tests/shell/testcases/sets/errors_0 b/tests/shell/testcases/sets/errors_0
index 2960b694c67c..a676ac7331c8 100755
--- a/tests/shell/testcases/sets/errors_0
+++ b/tests/shell/testcases/sets/errors_0
@@ -1,7 +1,5 @@
 #!/bin/bash
 
-set -e
-
 RULESET="table ip x {
 	set y {
 		type ipv4_addr
@@ -11,4 +9,22 @@ RULESET="table ip x {
 
 delete element ip x y { 2.3.4.5 }"
 
+$NFT -f - <<< $RULESET
+if [ $? -eq 0 ]
+then
+	exit 1
+fi
+
+RULESET="table ip x {
+        set y {
+                type ipv4_addr
+                flags interval
+        }
+}
+
+add element x y { 1.1.1.1/24 }
+delete element x y { 1.1.1.1/24 }
+add element x y { 1.1.1.1/24 }
+delete element x y { 2.2.2.2/24 }"
+
 $NFT -f - <<< $RULESET || exit 0
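Review bot: The second case still ends with `$NFT -f - <<< $RULESET || exit 0`, so it passes whether the final delete of 2.2.2.2/24 is rejected or accepted; it needs the same `$?` check the first case gets in this hunk, exiting 1 when nft returns 0. As written, a failure in one of the earlier add or delete lines of the second ruleset is also indistinguishable from the expected failure on the last line. Minor: the second RULESET is indented with spaces while the first uses tabs.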
-- 
2.30.2



* Re: [PATCH nft 1/2] intervals: fix crash when trying to remove element in empty set
  2022-06-23 18:09 [PATCH nft 1/2] intervals: fix crash when trying to remove element in empty set Pablo Neira Ayuso
  2022-06-23 18:09 ` [PATCH nft 2/2] intervals: check for EXPR_F_REMOVE in case of element mismatch Pablo Neira Ayuso
@ 2022-06-27 10:38 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2022-06-27 10:38 UTC (permalink / raw)
  To: netfilter-devel

On Thu, Jun 23, 2022 at 08:09:50PM +0200, Pablo Neira Ayuso wrote:
> The set deletion routine expects an initialized set, otherwise it crashes.

This series is now in master.
