commit
49721e28db3e7b28f443bf963547c12f4dcf856d upstream.
Its possible to end up with prefix expressions that have
a symbolic expression, e.g.:
table t {
set s {
type inet_service
flags interval
elements = { 172.16.0.0/16 }
}
set s {
type inet_service
flags interval
elements = { 0-1024, 8080-8082, 10000-40000 }
}
}
Without this change, nft will crash. We end up in setelem_expr_to_range()
with prefix "/16" for the symbolic expression "172.16.0.0".
We than pass invalid mpz_t pointer into libgmp.
This isn't a real fix, but instead of blindly assuming that the attached
expression has a gmp value die with at least some info.
Signed-off-by: Florian Westphal <fw@strlen.de>
case EXPR_RANGE:
break;
case EXPR_PREFIX:
+ if (expr->key->prefix->etype != EXPR_VALUE)
+ BUG("Prefix for unexpected type %d", expr->key->prefix->etype);
+
mpz_init(rop);
mpz_bitmask(rop, expr->key->len - expr->key->prefix_len);
if (expr_basetype(expr)->type == TYPE_STRING)
projects / thirdparty / nftables.git / commitdiff
