evaluate: bail out on prefix or range to non-interval set

author Pablo Neira Ayuso <pablo@netfilter.org>

Mon, 18 Apr 2016 17:10:28 +0000 (19:10 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Wed, 27 Apr 2016 10:30:34 +0000 (12:30 +0200)
author Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 18 Apr 2016 17:10:28 +0000 (19:10 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 27 Apr 2016 10:30:34 +0000 (12:30 +0200)
diff --git a/src/evaluate.c b/src/evaluate.c

index 63c0091d8daa57afb7dc8ea177290aabfb80c8ad..7444d09ce17e9f4c89b6f3cf1ea7ab92569a814d 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -929,6 +929,22 @@ static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr)
         if (expr_evaluate(ctx, &elem->key) < 0)
                 return -1;
  
+       if (ctx->set &&
+           !(ctx->set->flags & (SET_F_ANONYMOUS | SET_F_INTERVAL))) {
+               switch (elem->key->ops->type) {
+               case EXPR_PREFIX:
+                       return expr_error(ctx->msgs, elem,
+                                         "Set member cannot be prefix, "
+                                         "missing interval flag on declaration");
+               case EXPR_RANGE:
+                       return expr_error(ctx->msgs, elem,
+                                         "Set member cannot be range, "
+                                         "missing interval flag on declaration");
+               default:
+                       break;
+               }
+       }
+
         elem->dtype = elem->key->dtype;
         elem->len   = elem->key->len;
         elem->flags = elem->key->flags;
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 18 Apr 2016 17:10:28 +0000 (19:10 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 27 Apr 2016 10:30:34 +0000 (12:30 +0200)