monitor: too large shift exponent displaying payload expression

ASAN reports too large shift exponent when displaying traces for raw
payload expression:

  trace id ec23e848 ip x y packet: oif "wlan0" src/netlink.c:2100:32: runtime error: shift exponent 1431657095 is too large for 32-bit type 'int'

skip if proto_unknown_template is set on in this payload expression.

Fixes: be5d9120e81e ("nft monitor [ trace ]")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink.c b/src/netlink.c
index 0088b742d573486935ac6e4c8cc8a5d70656ff20..efb0b69939dcfc7fe180f1f91c6528edf5382bf9 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -2096,6 +2096,7 @@ restart:
                /* Skip unknown and filtered expressions */
                desc = lhs->payload.desc;
                if (lhs->dtype == &invalid_type ||
+                   lhs->payload.tmpl == &proto_unknown_template ||
                    desc->checksum_key == payload_hdr_field(lhs) ||
                    desc->format.filter & (1 << payload_hdr_field(lhs))) {
                        expr_free(lhs);