git.ipfire.org Git - thirdparty/nftables.git/commit

author	Florian Westphal <fw@strlen.de>
	Mon, 23 Jun 2025 19:37:31 +0000 (21:37 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 13 Aug 2025 18:47:57 +0000 (20:47 +0200)
commit	e1fc80df0be96b84ce1096cf51b4a98c26c0d578
tree	aef5b1e6e41a58eeacc0774956ffa3acfe4ffaad	tree \| snapshot
parent	8c5680ae9ab9aa4880118dab85d9201f71a23aa3	commit \| diff

evaluate: check that set type is identical before merging

commit 5335452966c4e5da2f3a5cf617cf431d711b215e upstream.

Reject maps and sets of the same name:
BUG: invalid range expression type catch-all set element
nft: src/expression.c:1704: range_expr_value_low: Assertion `0' failed.

After:
Error: Cannot merge set with existing datamap of same name
set z {
^

v2:
Pablo points out that we shouldn't merge datamaps (plain value) and objref
maps either, catch this too and add another test:

nft --check -f invalid_transcation_merge_map_and_objref_map
invalid_transcation_merge_map_and_objref_map:9:13-13: Error: Cannot merge map with incompatible existing map of same name

We should also make sure that both data (for map case) and
set keys are identical, this is added in a followup patch.

Signed-off-by: Florian Westphal <fw@strlen.de>

src/evaluate.c		diff \| blob \| blame \| history
tests/shell/testcases/bogons/nft-f/invalid_range_expression_type_catch-all_set_element_assert	[new file with mode: 0644]	blob
tests/shell/testcases/bogons/nft-f/invalid_transcation_merge_map_and_objref_map	[new file with mode: 0644]	blob