From: Laurent Fasnacht <fasnacht@protonmail.ch>
To: netfilter-devel@vger.kernel.org
Cc: Laurent Fasnacht <fasnacht@protonmail.ch>
Subject: [PATCH nft include v2 5/7] scanner: correctly compute include depth
Date: Mon, 10 Feb 2020 10:17:25 +0000 [thread overview]
Message-ID: <20200210101709.9182-6-fasnacht@protonmail.ch> (raw)
In-Reply-To: <20200210101709.9182-1-fasnacht@protonmail.ch>
Inclusion depth was computed incorrectly for glob includes.
Signed-off-by: Laurent Fasnacht <fasnacht@protonmail.ch>
---
include/nftables.h | 2 ++
src/scanner.l | 20 ++++++++++++++------
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/include/nftables.h b/include/nftables.h
index ca0fbcaf..1d423738 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -176,6 +176,7 @@ enum input_descriptor_types {
*
* @location: location, used for include statements
* @f: file descriptor
+ * @depth: include depth of the descriptor
* @type: input descriptor type
* @name: name describing the input
* @union: buffer or file descriptor, depending on type
@@ -187,6 +188,7 @@ enum input_descriptor_types {
struct input_descriptor {
struct list_head list;
FILE* f;
+ unsigned int depth;
struct location location;
enum input_descriptor_types type;
const char *name;
diff --git a/src/scanner.l b/src/scanner.l
index 8397846b..7f40c5c1 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -692,7 +692,8 @@ static void scanner_pop_buffer(yyscan_t scanner)
}
static void scanner_push_file(struct nft_ctx *nft, void *scanner,
- FILE *f, const char *filename, const struct location *loc)
+ FILE *f, const char *filename, const struct location *loc,
+ const struct input_descriptor *parent_indesc)
{
struct parser_state *state = yyget_extra(scanner);
struct input_descriptor *indesc;
@@ -707,6 +708,11 @@ static void scanner_push_file(struct nft_ctx *nft, void *scanner,
indesc->location = *loc;
indesc->type = INDESC_FILE;
indesc->name = xstrdup(filename);
+ if (!parent_indesc) {
+ indesc->depth = 1;
+ } else {
+ indesc->depth = parent_indesc->depth + 1;
+ }
indesc->f = f;
init_pos(indesc);
@@ -714,13 +720,14 @@ static void scanner_push_file(struct nft_ctx *nft, void *scanner,
}
static int include_file(struct nft_ctx *nft, void *scanner,
- const char *filename, const struct location *loc)
+ const char *filename, const struct location *loc,
+ const struct input_descriptor *parent_indesc)
{
struct parser_state *state = yyget_extra(scanner);
struct error_record *erec;
FILE *f;
- if (state->indesc_idx == MAX_INCLUDE_DEPTH) {
+ if (parent_indesc && parent_indesc->depth == MAX_INCLUDE_DEPTH) {
erec = error(loc, "Include nested too deeply, max %u levels",
MAX_INCLUDE_DEPTH);
goto err;
@@ -732,7 +739,7 @@ static int include_file(struct nft_ctx *nft, void *scanner,
filename, strerror(errno));
goto err;
}
- scanner_push_file(nft, scanner, f, filename, loc);
+ scanner_push_file(nft, scanner, f, filename, loc, parent_indesc);
return 0;
err:
erec_queue(erec, state->msgs);
@@ -743,6 +750,7 @@ static int include_glob(struct nft_ctx *nft, void *scanner, const char *pattern,
const struct location *loc)
{
struct parser_state *state = yyget_extra(scanner);
+ struct input_descriptor *indesc = state->indesc;
struct error_record *erec = NULL;
bool wildcard = false;
glob_t glob_data;
@@ -803,7 +811,7 @@ static int include_glob(struct nft_ctx *nft, void *scanner, const char *pattern,
if (len == 0 || path[len - 1] == '/')
continue;
- ret = include_file(nft, scanner, path, loc);
+ ret = include_file(nft, scanner, path, loc, indesc);
if (ret != 0)
goto err;
}
@@ -840,7 +848,7 @@ err:
int scanner_read_file(struct nft_ctx *nft, const char *filename,
const struct location *loc)
{
- return include_file(nft, nft->scanner, filename, loc);
+ return include_file(nft, nft->scanner, filename, loc, NULL);
}
static bool search_in_include_path(const char *filename)
--
2.20.1
next prev parent reply other threads:[~2020-02-10 10:17 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-10 10:17 [PATCH nft include v2 0/7] Improve include behaviour Laurent Fasnacht
2020-02-10 10:17 ` [PATCH nft include v2 1/7] tests: shell: add test for glob includes Laurent Fasnacht
2020-02-12 20:45 ` Pablo Neira Ayuso
2020-02-10 10:17 ` [PATCH nft include v2 2/7] scanner: move the file descriptor to be in the input_descriptor structure Laurent Fasnacht
2020-02-10 22:46 ` Pablo Neira Ayuso
2020-02-10 10:17 ` [PATCH nft include v2 3/7] scanner: move indesc list append in scanner_push_indesc Laurent Fasnacht
2020-02-10 22:46 ` Pablo Neira Ayuso
2020-02-10 10:17 ` [PATCH nft include v2 4/7] scanner: remove parser_state->indescs static array Laurent Fasnacht
2020-02-10 23:32 ` Pablo Neira Ayuso
2020-02-11 4:36 ` Laurent Fasnacht
2020-02-12 20:45 ` Pablo Neira Ayuso
2020-02-10 10:17 ` Laurent Fasnacht [this message]
2020-02-10 10:17 ` [PATCH nft include v2 6/7] scanner: fix indesc_list stack to be in the correct order Laurent Fasnacht
2020-02-10 22:33 ` Pablo Neira Ayuso
2020-02-11 4:42 ` Laurent Fasnacht
2020-02-10 10:17 ` [PATCH nft include v2 7/7] scanner: remove parser_state->indesc_idx Laurent Fasnacht
2020-02-10 22:31 ` Pablo Neira Ayuso
2020-02-11 5:04 ` Laurent Fasnacht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200210101709.9182-6-fasnacht@protonmail.ch \
--to=fasnacht@protonmail.ch \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).