git.ipfire.org Git - thirdparty/nftables.git/commit
segtree: fix string data initialisation
author Florian Westphal <fw@strlen.de>
Wed, 5 Mar 2025 15:01:48 +0000 (16:01 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 18 Jun 2025 22:01:13 +0000 (00:01 +0200)
commit 4386556d9265dab2eea5e1fce833bbdb4fa1690d
tree fc2b2b85fdc712ee3d59ea0c8778d8e2a18c726f
parent cfeb80323df626276ad825910ed23e4fe21714c8
segtree: fix string data initialisation

commit 63e3d5953c144abbc4ead2665ad7cec799c4cb64 upstream.

This uses the wrong length.  This must re-use the length of the datatype,
not the string length.

The added test cases will fail without the fix due to erroneous
overlap detection, which in itself is due to incorrect sorting of
the elements.

Example error:
 netlink: Error: interval overlaps with an existing one
 add element inet testifsets simple_wild {  "2-1" } failed.
 table inet testifsets {
      ...       elements = { "1-1", "abcdef*", "othername", "ppp0" }

... but clearly "2-1" doesn't overlap with any existing members.
The false detection is because of the "acvdef*" wildcard getting sorted
at the beginning of the list, which is because it's erroneously initialised
as a 64bit number instead of 128 bits (16 bytes / IFNAMSIZ).

Fixes: 5e393ea1fc0a ("segtree: add string "range" reversal support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/segtree.c
tests/shell/testcases/sets/sets_with_ifnames
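
The sorting effect described in the commit message, as an added example: this is a simplified model written for this page, not code from nftables or from the commit. It assumes each name is compared as a big-endian unsigned integer over a zero-padded buffer; `element_key`, `sort_elements` and `BUGGY_WILDCARD_BYTES` are hypothetical names, and the element list is the one from the error output plus "2-1".

```python
IFNAMSIZ = 16              # bytes: the 128-bit datatype length named in the message
BUGGY_WILDCARD_BYTES = 8   # bytes: the 64-bit size the message reports for the bug

def element_key(name: str, nbytes: int) -> int:
    """Model a set element as an unsigned integer (assumption of this model):
    the name without its trailing '*', left-aligned in a zero-padded buffer of
    nbytes and read big-endian, so numeric order equals byte-wise name order
    as long as every element uses the same buffer size."""
    raw = name.rstrip("*").encode("ascii")
    if len(raw) >= nbytes:
        raise ValueError(f"{name!r} does not fit in {nbytes} bytes")
    return int.from_bytes(raw.ljust(nbytes, b"\0"), "big")

def sort_elements(names, buggy: bool):
    """Sort elements by key. With buggy=True the wildcard element is built
    with the short length while every other element uses the full datatype
    length, which is the mismatch the commit message describes."""
    def width(name: str) -> int:
        if buggy and name.endswith("*"):
            return BUGGY_WILDCARD_BYTES
        return IFNAMSIZ
    return sorted(names, key=lambda n: element_key(n, width(n)))

# Constructed input: the elements shown in the error output, plus "2-1".
ELEMENTS = ["othername", "ppp0", "abcdef*", "2-1", "1-1"]

if __name__ == "__main__":
    print("datatype length:", sort_elements(ELEMENTS, buggy=False))
    print("short length:   ", sort_elements(ELEMENTS, buggy=True))
```

Any 64-bit key is numerically below every 128-bit key whose first byte is non-zero, so the mis-sized wildcard moves to the front regardless of its text. The model stops at the ordering and does not reproduce the overlap check itself.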