git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 10 Apr 2025 21:23:58 +0000 (23:23 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 27 Jul 2025 18:25:24 +0000 (20:25 +0200)
commit	3286e08a0afa21493793fd658f78c8610f1108ce
tree	e2567e992a4ae826f1621944e2444b388d3d5dec	tree \| snapshot
parent	df54222b7ca053f4464eb2a724504fc2c3a5e50e	commit \| diff

parser_bison: add selector_expr rule to restrict typeof_expr

commit 8bbdcb7346788a067968e3aa62ac7e5a670b08af upstream.

typeof_expr allows for symbol, constant and bitwise expressions,
restrict it to selector expressions.

After this patch, input generated by fuzzer is rejected upfront:

# nft -f test.nft
test.nft:3:53-53: Error: syntax error, unexpected number
               typeof numgen inc mod 2 : ip daddr . 0
                                                    ^
test.nft:2:12-13: Error: set definition does not specify key
       map t2 {
           ^^
test.nft:8:65-67: Error: No such file or directory
               meta l4proto tcp dnat ip to numgen inc mod 2 map @t2
                                                                ^^^
test.nft:8:65-67: Error: No such file or directory
               meta l4proto tcp dnat ip to numgen inc mod 2 map @t2
                                                                ^^^

Revisit 4ab1e5e60779 ("src: allow use of 'verdict' in typeof
definitions") to handle verdict as string, later a token can be added
to the scanner and enable it via flex start conditions.

Fixes: 14357cff40ed ("parser: add typeof keyword for declarations")
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/parser_bison.y		diff \| blob \| blame \| history
tests/shell/testcases/bogons/nft-f/invalid_set_key_stmt_evaluate_nat_map_assert	[new file with mode: 0644]	blob