File _service:tar_scm:backport-evaluate-stmt_nat-set-reference-must-point-to-a-map.patch of Package nftables
From 3eb0a73a9ee32897290d4097c0ec29377e25859e Mon Sep 17 00:00:00 2001 From: Florian Westphal <fw@strlen.de> Date: Wed, 13 Dec 2023 17:00:37 +0100 Subject: [PATCH] evaluate: stmt_nat: set reference must point to a map nat_concat_map() requires a datamap, else we crash: set->data is dereferenced. Also update expr_evaluate_map() so that EXPR_SET_REF is checked there too. Signed-off-by: Florian Westphal <fw@strlen.de> --- src/evaluate.c | 9 +++++++++ .../bogons/nft-f/nat_stmt_with_set_instead_of_map | 10 ++++++++++ 2 files changed, 19 insertions(+) create mode 100644 tests/shell/testcases/bogons/nft-f/nat_stmt_with_set_instead_of_map diff --git a/src/evaluate.c b/src/evaluate.c index 1b3e8097..da382912 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2041,6 +2041,9 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr) break; case EXPR_SET_REF: /* symbol has been already evaluated to set reference */ + if (!set_is_map(mappings->set->flags)) + return expr_error(ctx->msgs, map->mappings, + "Expression is not a map"); break; default: BUG("invalid mapping expression %s\n", @@ -3969,6 +3972,12 @@ static bool nat_concat_map(struct eval_ctx *ctx, struct stmt *stmt) if (expr_evaluate(ctx, &stmt->nat.addr->mappings)) return false; + if (!set_is_datamap(stmt->nat.addr->mappings->set->flags)) { + expr_error(ctx->msgs, stmt->nat.addr->mappings, + "Expression is not a map"); + return false; + } + if (stmt->nat.addr->mappings->set->data->etype == EXPR_CONCAT || stmt->nat.addr->mappings->set->data->dtype->subtypes) { stmt->nat.type_flags |= STMT_NAT_F_CONCAT; diff --git a/tests/shell/testcases/bogons/nft-f/nat_stmt_with_set_instead_of_map b/tests/shell/testcases/bogons/nft-f/nat_stmt_with_set_instead_of_map new file mode 100644 index 00000000..b1302278 --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/nat_stmt_with_set_instead_of_map 
@@ -0,0 +1,10 @@ +table inet x { + set y { + type ipv4_addr + elements = { 2.2.2.2, 3.3.3.3 } + } + + chain y { + snat ip to ip saddr map @y + } +} -- 2.33.0
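Review bot: in the EXPR_SET_REF case of expr_evaluate_map() (first src/evaluate.c hunk), the condition reads the flags through `mappings->set->flags` while the error is reported against `map->mappings`; use the same expression in both places so a reader does not have to confirm that the two refer to the same object. This branch tests set_is_map() whereas nat_concat_map() tests set_is_datamap(), so a short comment stating why the different predicate is sufficient here would help.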
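Review bot: in nat_concat_map() (second src/evaluate.c hunk), the new set_is_datamap() check reports "Expression is not a map", the same text the first hunk emits for a failed set_is_map() check. The commit message says the requirement here is specifically a datamap because set->data is dereferenced in the lines that follow, so a message naming that requirement would make the two failures distinguishable in user reports. The check also reaches `mappings->set` directly after expr_evaluate(), as the existing lines below it already do; a one-line comment stating that a set reference is expected at this point would document the assumption.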
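Review bot: the new bogon file nat_stmt_with_set_instead_of_map only feeds a plain set to an snat statement, and it is not evident from the patch that this input reaches the EXPR_SET_REF branch changed in expr_evaluate_map(). A second bogon that references a plain set from a map expression outside a nat statement would keep that check from regressing unnoticed.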