netlink: don't handle lhs zero-length expression as concat type

expr->len 0 can appear for some data types whose size can be different
based on some external state, e.g. the conntrack src/dst addresses.

The nft type is 'invalid/0-length' in the template definition, the
size is set (on linearization) based on the network base family,
i.e. the type is changed to ip or ipv6 address at a later stage.

For delinarization, skip zero-length expression as concat type
and give expr_postprocess a chance to fix the types.

Without this change the previous patch will result in nft consuming all
available memory when trying to display e.g. a 'ct saddr' rule.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 769321aa12381d93df3394b9e1db5908ec6905bd..c4ffab507e8cb7242695040399fd9642aa617b50 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -236,7 +236,7 @@ static void netlink_parse_cmp(struct netlink_parse_ctx *ctx,
            left->dtype != &string_type) {
                return netlink_error(ctx, loc,
                                     "Relational expression size mismatch");
-       } else if (left->len < right->len) {
+       } else if (left->len > 0 && left->len < right->len) {
                left = netlink_parse_concat_expr(ctx, loc, sreg, right->len);
                if (left == NULL)
                        return;