evaluate: fix shift exponent underflow in concatenation evaluation

commit 0fe79458cb5ae36d838f0e5a5dc5cc6f332cac03 upstream.

There is an underflow of the index that iterates over the concatenation:

../include/datatype.h:292:15: runtime error: shift exponent 4294967290 is too large for 32-bit type 'unsigned int'

set the datatype to invalid which is fine to evaluate a concatenation
in a set/map statement.

Update b8e1940aa190 ("tests: add a test case for map update from packet
path with concat") so it does not need a workaround to work.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index c04cb91d3919167ba891ac107dd23d76fb9bfb5c..70adb847d47577f0b5559d3ef0823e4d02b3ef27 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1357,7 +1357,7 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr)
                        dsize = key->len;
                        bo = key->byteorder;
                        off--;
-               } else if (dtype == NULL) {
+               } else if (dtype == NULL || off == 0) {
                        tmp = datatype_lookup(TYPE_INVALID);
                } else {
                        tmp = concat_subtype_lookup(type, --off);

diff --git a/tests/shell/testcases/maps/dumps/typeof_maps_concat_update_0.nft b/tests/shell/testcases/maps/dumps/typeof_maps_concat_update_0.nft
index d91b795fa000029caac02e7e835d74b00ee666f2..a2c3c139936b5266209a5dea10bfa21f074469a9 100644 (file)
--- a/tests/shell/testcases/maps/dumps/typeof_maps_concat_update_0.nft
+++ b/tests/shell/testcases/maps/dumps/typeof_maps_concat_update_0.nft
@@ -1,6 +1,6 @@
 table ip foo {
        map pinned {
-               typeof ip daddr . tcp dport : ip daddr . tcp dport
+               typeof ip saddr . ct original proto-dst : ip daddr . tcp dport
                size 65535
                flags dynamic,timeout
                timeout 6m

diff --git a/tests/shell/testcases/maps/typeof_maps_concat_update_0 b/tests/shell/testcases/maps/typeof_maps_concat_update_0
index 645ae142a5af5d8b4bc5ebe0f7f9f59bad55d804..e996f14e1830ceefb657f935cd3e05f315f7dddd 100755 (executable)
--- a/tests/shell/testcases/maps/typeof_maps_concat_update_0
+++ b/tests/shell/testcases/maps/typeof_maps_concat_update_0
@@ -4,13 +4,13 @@
 
 EXPECTED="table ip foo {
  map pinned {
-       typeof ip daddr . tcp dport : ip daddr . tcp dport
+       typeof ip saddr . ct original proto-dst : ip daddr . tcp dport
        size 65535
        flags dynamic,timeout
         timeout 6m
   }
   chain pr {
-     meta l4proto tcp update @pinned { ip saddr . ct original proto-dst timeout 1m30s : ip daddr . tcp dport }
+     update @pinned { ip saddr . ct original proto-dst timeout 1m30s : ip daddr . tcp dport }
   }
 }"