commit
8cb7cfc2d8c7f2d8dec804ab028883c1d260e717 upstream.
ctx->ectx.key can be cleared, causing a crash:
src/nft --check -f tests/shell/testcases/bogons/nft-f/set_with_bad_elem
AddressSanitizer:DEADLYSIGNAL
#0 0x7ffb57098c0d in elem_key_compatible src/evaluate.c:1934
#1 0x7ffb5709926d in expr_evaluate_set_elem src/evaluate.c:1979
#2 0x7ffb570a540f in expr_evaluate src/evaluate.c:3159
#3 0x7ffb57095f33 in list_member_evaluate src/evaluate.c:1652
#4 0x7ffb57099f92 in expr_evaluate_set src/evaluate.c:2066
#5 0x7ffb570a53f7 in expr_evaluate src/evaluate.c:3157
..
AddressSanitizer: SEGV src/evaluate.c:1934 in elem_key_compatible
After:
set_with_bad_elem:4:39-46: Error: Element mismatches set definition, expected IPv4 address, not 'integer'
elements = { 1.2.3.4, tcp << 8 }
^^^^^^^^
Use ctx->set->key instead.
Fixes: 7f4d7fef31bd ("evaluate: check element key vs. set definition")
Signed-off-by: Florian Westphal <fw@strlen.de>
}
}
- if (ctx->set && !elem_key_compatible(ctx->ectx.key, elem->key))
+ if (ctx->set && !elem_key_compatible(ctx->set->key, elem->key))
return expr_error(ctx->msgs, elem,
"Element mismatches %s definition, expected %s, not '%s'",
set_is_map(ctx->set->flags) ? "map" : "set",
- ctx->ectx.key->dtype->desc, elem->key->dtype->desc);
+ ctx->set->key->dtype->desc, elem->key->dtype->desc);
datatype_set(elem, elem->key->dtype);
elem->len = elem->key->len;
--- /dev/null
+table t {
+ set y {
+ typeof ip daddr
+ elements = { 1.2.3.4, tcp << 8 }
+ }
+}
projects / thirdparty / nftables.git / commitdiff
