File _service:tar_scm:backport-evaluate-don-t-crash-... of Package nftables

File _service:tar_scm:backport-evaluate-don-t-crash-if-object-map-does-not-refer-to.patch of Package nftables

From 588470e00539404fd793fe22718067721f5754be Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 20 Dec 2023 11:06:04 +0100
Subject: [PATCH] evaluate: don't crash if object map does not refer to a value

Before:
BUG: Value export of 512 bytes would overflownft: src/netlink.c:474: netlink_gen_prefix: Assertion `0' failed.

After:
66: Error: Object mapping data should be a value, not prefix
synproxy name ip saddr map { 192.168.1.0/24 : "v*" }

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/evaluate.c                                             | 5 +++++
 tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert | 6 ++++++
 2 files changed, 11 insertions(+)
 create mode 100644 tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert

diff --git a/src/evaluate.c b/src/evaluate.c
index 5ddbde42..26f0110f 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2140,6 +2140,11 @@ static int expr_evaluate_mapping(struct eval_ctx *ctx, struct expr **expr)
 		return expr_error(ctx->msgs, mapping->right,
 				  "Value must be a singleton");
 
+	if (set_is_objmap(set->flags) && mapping->right->etype != EXPR_VALUE)
+		return expr_error(ctx->msgs, mapping->right,
+				  "Object mapping data should be a value, not %s",
+				  expr_name(mapping->right));
+
 	mapping->flags |= EXPR_F_CONSTANT;
 	return 0;
 }
diff --git a/tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert b/tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert
new file mode 100644
index 00000000..d880a377
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert
@@ -0,0 +1,6 @@
+table t {
+        chain y {
+                type filter hook input priority filter; policy accept;
+                synproxy name ip saddr map { 192.168.1.0/24 : "x*" }
+        }
+}
-- 
2.33.0