evaluate: fix gmp assertion with too-large reject code

author Florian Westphal <fw@strlen.de>

Thu, 14 Dec 2023 08:39:13 +0000 (09:39 +0100)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Wed, 22 Jan 2025 23:41:53 +0000 (00:41 +0100)
author Florian Westphal <fw@strlen.de>
Thu, 14 Dec 2023 08:39:13 +0000 (09:39 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 22 Jan 2025 23:41:53 +0000 (00:41 +0100)
diff --git a/src/evaluate.c b/src/evaluate.c

index 12f579768413766acbdb2c8d8bea89b741009974..e16f8f620df251dbd05688a6b34df4b3f4b5ec52 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3412,6 +3412,13 @@ static int stmt_evaluate_reject_icmp(struct eval_ctx *ctx, struct stmt *stmt)
                 erec_queue(erec, ctx->msgs);
                 return -1;
         }
+
+       if (mpz_cmp_ui(code->value, UINT8_MAX) > 0) {
+               expr_free(code);
+               return expr_error(ctx->msgs, stmt->reject.expr,
+                                 "reject code must be integer in range 0-255");
+       }
+
         stmt->reject.icmp_code = mpz_get_uint8(code->value);
         expr_free(code);
  
diff --git a/tests/shell/testcases/bogons/nft-f/icmp_reject_type_uint8_assert b/tests/shell/testcases/bogons/nft-f/icmp_reject_type_uint8_assert

new file mode 100644 (file)

index 0000000..1fc85b2
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/icmp_reject_type_uint8_assert
@@ -0,0 +1 @@
+rule t c reject with icmp 512
author	Florian Westphal <fw@strlen.de>
	Thu, 14 Dec 2023 08:39:13 +0000 (09:39 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 22 Jan 2025 23:41:53 +0000 (00:41 +0100)
src/evaluate.c		patch \| blob \| blame \| history
tests/shell/testcases/bogons/nft-f/icmp_reject_type_uint8_assert	[new file with mode: 0644]	patch \| blob