Projects
openEuler:24.03:SP1:Everything
nftables
_service:tar_scm:backport-netlink-don-t-crash-i...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-netlink-don-t-crash-if-prefix-for-byte-is-requested.patch of Package nftables
From 0404ff08b3c18052e6689d75fa85275d3cef7e8e Mon Sep 17 00:00:00 2001 From: Florian Westphal <fw@strlen.de> Date: Thu, 14 Dec 2023 15:39:27 +0100 Subject: [PATCH] netlink: don't crash if prefix for < byte is requested If prefix is used with a datatype that has less than 8 bits an assertion is triggered: src/netlink.c:243: netlink_gen_raw_data: Assertion `len > 0' failed. This is esoteric, the alternative would be to restrict prefixes to ipv4/ipv6 addresses. Simpler fix is to use round_up instead of divide. Signed-off-by: Florian Westphal <fw@strlen.de> --- src/netlink_linearize.c | 3 ++- tests/py/ip/ip.t | 2 ++ tests/py/ip/ip.t.json | 21 +++++++++++++++++++++ tests/py/ip/ip.t.payload | 8 ++++++++ tests/py/ip/ip.t.payload.bridge | 10 ++++++++++ tests/py/ip/ip.t.payload.inet | 10 ++++++++++ tests/py/ip/ip.t.payload.netdev | 10 ++++++++++ 7 files changed, 63 insertions(+), 1 deletion(-) diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 61828eb9..d8b41a08 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -460,7 +460,8 @@ static struct expr *netlink_gen_prefix(struct netlink_linearize_ctx *ctx, mpz_init(mask); mpz_prefixmask(mask, expr->right->len, expr->right->prefix_len); netlink_gen_raw_data(mask, expr->right->byteorder, - expr->right->len / BITS_PER_BYTE, &nld); + div_round_up(expr->right->len, BITS_PER_BYTE), + &nld); mpz_clear(mask); zero.len = nld.len; diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t index 720d9ae9..e6999c29 100644 --- a/tests/py/ip/ip.t +++ b/tests/py/ip/ip.t @@ -133,3 +133,5 @@ ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 };ok ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept };ok + +ip dscp 1/6;ok;ip dscp & 0x3f == lephb diff --git a/tests/py/ip/ip.t.json b/tests/py/ip/ip.t.json index 882c94eb..a170e5c1 100644 --- a/tests/py/ip/ip.t.json +++ b/tests/py/ip/ip.t.json @@ -1809,3 +1809,23 @@ } ] +# ip dscp 1/6 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 63 + ] + }, + "op": "==", + "right": "lephb" + } + } +] diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload index 43605a36..d7ddf7be 100644 --- a/tests/py/ip/ip.t.payload +++ b/tests/py/ip/ip.t.payload @@ -556,3 +556,11 @@ ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] [ payload load 4b @ network header + 16 => reg 9 ] [ lookup reg 1 set __map%d dreg 0 ] + +# ip dscp 1/6 +ip test-ip4 input + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip.t.payload.bridge b/tests/py/ip/ip.t.payload.bridge index e506f300..53f881d3 100644 --- a/tests/py/ip/ip.t.payload.bridge +++ b/tests/py/ip/ip.t.payload.bridge @@ -726,3 +726,12 @@ bridge test-bridge input [ payload load 4b @ network header + 16 => reg 9 ] [ lookup reg 1 set __map%d dreg 0 ] +# ip dscp 1/6 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet index a7fa0faf..08674c98 100644 --- a/tests/py/ip/ip.t.payload.inet +++ b/tests/py/ip/ip.t.payload.inet @@ -726,3 +726,12 @@ inet test-inet input [ payload load 4b @ network header + 16 => reg 9 ] [ lookup reg 1 set __map%d dreg 0 ] +# ip dscp 1/6 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip.t.payload.netdev b/tests/py/ip/ip.t.payload.netdev index aebd9d64..8220b05d 100644 --- a/tests/py/ip/ip.t.payload.netdev +++ b/tests/py/ip/ip.t.payload.netdev @@ -726,3 +726,12 @@ netdev test-netdev ingress [ payload load 4b @ network header + 16 => reg 9 ] [ lookup reg 1 set __map%d dreg 0 ] +# ip dscp 1/6 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2