evaluate: fix bogus assertion failure with boolean datatype

The assertion is too strict, as found by afl++:

typeof iifname . ip saddr . meta ipsec
elements = { "eth0" . 10.1.1.2 . 1 }

meta ipsec is boolean (1 bit), but datasize of 1 is set at 8 bit.

Fixes: 22b750aa6dc9 ("src: allow use of base integer types as set keys in concatenations")
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/evaluate.c b/src/evaluate.c
index 715c398a19aedf1acbe7fe84254f08fdb9e1e5cc..1b3e8097454da1509a5aa0e38593241546aeb9b3 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4679,14 +4679,15 @@ static int set_expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr)
                                                 "expressions",
                                                 i->dtype->name);
 
-               if (i->dtype->size)
-                       assert(i->len == i->dtype->size);
-
                flags &= i->flags;
 
                ntype = concat_subtype_add(ntype, i->dtype->type);
 
                dsize_bytes = div_round_up(i->len, BITS_PER_BYTE);
+
+               if (i->dtype->size)
+                       assert(dsize_bytes == div_round_up(i->dtype->size, BITS_PER_BYTE));
+
                (*expr)->field_len[(*expr)->field_count++] = dsize_bytes;
                size += netlink_padded_len(i->len);
        }

diff --git a/tests/shell/testcases/sets/dumps/typeof_sets_0.nft b/tests/shell/testcases/sets/dumps/typeof_sets_0.nft
index 6f5b83af6bb9203404c7cc9da9e2c94c2841ca09..63fc5b14513730038891d61200dc04282a3e9f5a 100644 (file)
--- a/tests/shell/testcases/sets/dumps/typeof_sets_0.nft
+++ b/tests/shell/testcases/sets/dumps/typeof_sets_0.nft
@@ -55,6 +55,11 @@ table inet t {
                elements = { 3567 . 1.2.3.4 }
        }
 
+       set s12 {
+               typeof iifname . ip saddr . meta ipsec
+               elements = { "eth0" . 10.1.1.2 . exists }
+       }
+
        chain c1 {
                osf name @s1 accept
        }
@@ -94,4 +99,8 @@ table inet t {
        chain c11 {
                vlan id . ip saddr @s11 accept
        }
+
+       chain c12 {
+               iifname . ip saddr . meta ipsec @s12 accept
+       }
 }

diff --git a/tests/shell/testcases/sets/typeof_sets_0 b/tests/shell/testcases/sets/typeof_sets_0
index 92555a1f923efdefac7a62cad6cc398a5c887342..016227da62425fc2ebb95cde384e74d62954c7f3 100755 (executable)
--- a/tests/shell/testcases/sets/typeof_sets_0
+++ b/tests/shell/testcases/sets/typeof_sets_0
@@ -113,6 +113,10 @@ INPUT="table inet t {$INPUT_OSF_SET
                typeof vlan id . ip saddr
                elements = { 3567 . 1.2.3.4 }
        }
+       set s12 {
+               typeof meta iifname . ip saddr . meta ipsec
+               elements = { \"eth0\" . 10.1.1.2 . 1 }
+       }
 $INPUT_OSF_CHAIN
        chain c2 {
                ether type vlan vlan id @s2 accept
@@ -138,6 +142,10 @@ $INPUT_VERSION_CHAIN
        chain c11 {
                ether type vlan vlan id . ip saddr @s11 accept
        }
+
+       chain c12 {
+               meta iifname . ip saddr . meta ipsec @s12 accept
+       }
 }"
 
 EXPECTED="table inet t {$INPUT_OSF_SET
@@ -181,6 +189,11 @@ $INPUT_VERSION_SET
                typeof vlan id . ip saddr
                elements = { 3567 . 1.2.3.4 }
        }
+
+       set s12 {
+               typeof iifname . ip saddr . meta ipsec
+               elements = { \"eth0\" . 10.1.1.2 . exists }
+       }
 $INPUT_OSF_CHAIN
        chain c2 {
                vlan id @s2 accept
@@ -205,6 +218,10 @@ $INPUT_SCTP_CHAIN$INPUT_VERSION_CHAIN
        chain c11 {
                vlan id . ip saddr @s11 accept
        }
+
+       chain c12 {
+               iifname . ip saddr . meta ipsec @s12 accept
+       }
 }"