git.ipfire.org Git - thirdparty/nftables.git/commit

author	Florian Westphal <fw@strlen.de>
	Tue, 5 Dec 2023 11:56:08 +0000 (12:56 +0100)
committer	Florian Westphal <fw@strlen.de>
	Wed, 6 Dec 2023 15:52:29 +0000 (16:52 +0100)
commit	59a33d08ab3a75b2ae370b6816942793f49fa8db
tree	2745890e21596df8783a8b7b3b14ef725a57ce31	tree
parent	77ba01907cb46a504ef0c0c9705308fd2883cbb4	commit \| diff

parser: tcpopt: fix tcp option parsing with NUM + length field

tcp option 254 length ge 4

... will segfault.
The crash bug is that tcpopt_expr_alloc() can return NULL if we cannot
find a suitable template for the requested kind + field combination,
so add the needed error handling in the bison parser.

However, we can handle this. NOP and EOL have templates, all other
options (known or unknown) must also have a length field.

So also add a fallback template to handle both kind and length, even
if only a numeric option is given that nft doesn't recognize.

Don't bother with output, above will be printed via raw syntax, i.e.
tcp option @254,8,8 >= 4.

Fixes: 24d8da308342 ("tcpopt: allow to check for presence of any tcp option")
Reported-by: Maciej Żenczykowski <zenczykowski@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

src/parser_bison.y		diff \| blob \| blame \| history
src/tcpopt.c		diff \| blob \| blame \| history
tests/shell/testcases/packetpath/dumps/tcp_options.nodump	[new file with mode: 0644]	blob
tests/shell/testcases/packetpath/tcp_options	[new file with mode: 0755]	blob