evaluate: fix expr_set_context call for shift binops.

expr_evaluate_binop calls expr_set_context for shift expressions to set
the context data-type to `integer`.  This clobbers the byte-order of the
context, resulting in unexpected conversions to NBO.  For example:

  $ sudo nft flush ruleset
  $ sudo nft add table t
  $ sudo nft add chain t c '{ type filter hook output priority mangle; }'
  $ sudo nft add rule t c oif lo tcp dport ssh ct mark set '0x10 | 0xe'
  $ sudo nft add rule t c oif lo tcp dport ssh ct mark set '0xf << 1'
  $ sudo nft list table t
  table ip t {
          chain c {
                  type filter hook output priority mangle; policy accept;
                  oif "lo" tcp dport 22 ct mark set 0x0000001e
                  oif "lo" tcp dport 22 ct mark set 0x1e000000
          }
  }

Replace it with a call to __expr_set_context and set the byteorder to
that of the left operand since this is the value being shifted.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 817b23220bb9f23cfa9c6276987a1d42b5ccfb98..34e4473e4c9a279510ea191d48189c86828a6e53 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1145,7 +1145,8 @@ static int expr_evaluate_binop(struct eval_ctx *ctx, struct expr **expr)
        left = op->left;
 
        if (op->op == OP_LSHIFT || op->op == OP_RSHIFT)
-               expr_set_context(&ctx->ectx, &integer_type, ctx->ectx.len);
+               __expr_set_context(&ctx->ectx, &integer_type,
+                                  left->byteorder, ctx->ectx.len, 0);
        if (expr_evaluate(ctx, &op->right) < 0)
                return -1;
        right = op->right;