git.ipfire.org Git - thirdparty/nftables.git/commit
segtree: Check ranges when deleting elements
author Phil Sutter <phil@nwl.cc>
Tue, 12 Nov 2019 19:00:15 +0000 (20:00 +0100)
committer Phil Sutter <phil@nwl.cc>
Thu, 14 Nov 2019 10:55:59 +0000 (11:55 +0100)
commit decc12ec2dc319a9bb1fb5f629258c6c3a087db1
tree fed83acb56e111b8e4acd98edbcf5e95985d79bc
parent ead5aaf4fed074f126ab1b32536e234bf6bf2276
segtree: Check ranges when deleting elements

Make sure any intervals to delete actually exist, otherwise reject the
command. Without this, it is possible to mess up rbtree contents:

| # nft list ruleset
| table ip t {
|  set s {
|  type ipv4_addr
|  flags interval
|  auto-merge
|  elements = { 192.168.1.0-192.168.1.254, 192.168.1.255 }
|  }
| }
| # nft delete element t s '{ 192.168.1.0/24 }'
| # nft list ruleset
| table ip t {
|  set s {
|  type ipv4_addr
|  flags interval
|  auto-merge
|  elements = { 192.168.1.255-255.255.255.255 }
|  }
| }

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/segtree.c
tests/shell/testcases/sets/0039delete_interval_0 [new file with mode: 0755]
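
The validation the commit message describes, sketched as an added example (this is not the code from this commit or from nftables): every interval in a delete request must match an existing element before anything is removed, otherwise the whole request is rejected. The sorted array of closed ranges and the names `prefix_to_range`, `find_exact` and `delete_checked` are hypothetical, and treating "exists" as an exact match of both bounds is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Closed IPv4 interval, host byte order. An array of these is a simplified
 * stand-in for the set (an assumption, not nftables' segtree structures). */
struct range { uint32_t lo, hi; };
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Expand a prefix such as 192.168.1.0/24 into the interval it denotes. */
struct range prefix_to_range(uint32_t addr, unsigned int len)
{
    uint32_t mask = len ? UINT32_MAX << (32 - len) : 0;
    return (struct range){ addr & mask, addr | ~mask };
}

/* Index of the element whose bounds equal r exactly, or -1 if none does. */
long find_exact(const struct range *set, size_t n, struct range r)
{
    for (size_t i = 0; i < n; i++)
        if (set[i].lo == r.lo && set[i].hi == r.hi)
            return (long)i;
    return -1;
}

/* Delete all of del[] from set[] only if every interval exists.
 * Returns the new element count, or -1 with the set left untouched. */
long delete_checked(struct range *set, size_t n,
                    const struct range *del, size_t ndel)
{
    for (size_t i = 0; i < ndel; i++)
        if (find_exact(set, n, del[i]) < 0)
            return -1;          /* validate first: nothing modified yet */
    for (size_t i = 0; i < ndel; i++) {
        long at = find_exact(set, n, del[i]);
        if (at < 0)             /* same interval listed twice in del[] */
            continue;
        memmove(&set[at], &set[at + 1], (n - (size_t)at - 1) * sizeof(*set));
        n--;
    }
    return (long)n;
}

int main(void)
{   /* Constructed sample: the set and delete request from the commit message. */
    struct range set[] = { { IP(192,168,1,0), IP(192,168,1,254) },
                           { IP(192,168,1,255), IP(192,168,1,255) } };
    struct range req = prefix_to_range(IP(192,168,1,0), 24);
    return delete_checked(set, 2, &req, 1) == -1 ? 0 : 1;
}
```

The /24 covers the union of both elements but equals neither, so the request is refused and the set keeps both elements.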