evaluate: clone unary expression datatype to deal with dynamic datatype
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 22 Nov 2023 19:35:07 +0000 (20:35 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 22 Nov 2023 21:00:44 +0000 (22:00 +0100)
When allocating a unary expression, clone the datatype to deal with
dynamic datatypes.

Fixes: 6b01bb9ff798 ("datatype: concat expression only releases dynamically allocated datatype")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/evaluate.c
tests/shell/testcases/maps/dumps/vmap_unary.nft [new file with mode: 0644]
tests/shell/testcases/maps/vmap_unary [new file with mode: 0755]

index bcf83d804f32b7edd69f00ee044e10abd5af3e36..2ead03471102d498c5b601081de1cda489b14f27 100644 (file)
@@ -1245,7 +1245,7 @@ static int expr_evaluate_unary(struct eval_ctx *ctx, struct expr **expr)
                BUG("invalid unary operation %u\n", unary->op);
        }
 
-       unary->dtype     = arg->dtype;
+       unary->dtype     = datatype_clone(arg->dtype);
        unary->byteorder = byteorder;
        unary->len       = arg->len;
        return 0;
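Review bot: The new assignment `unary->dtype = datatype_clone(arg->dtype);` overwrites whatever `unary->dtype` held before without releasing it, so if the expression already carries a reference to an allocated datatype at this point (not visible in the hunk), that reference would be leaked on every evaluation. Consider dropping the old value first, e.g. `datatype_free(unary->dtype);` on the line before, or routing the assignment through the tree's datatype setter helper so that ownership is handled in one place. A short comment such as `/* unary owns its own copy: arg->dtype may be dynamically allocated and released separately */` would also record why a clone is needed here instead of a plain pointer copy. The body of expr_evaluate_unary starts and ends outside the hunk.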
diff --git a/tests/shell/testcases/maps/dumps/vmap_unary.nft b/tests/shell/testcases/maps/dumps/vmap_unary.nft
new file mode 100644 (file)
index 0000000..46c538b
--- /dev/null
@@ -0,0 +1,11 @@
+table ip filter {
+       map ipsec_in {
+               typeof ipsec in reqid . iif : verdict
+               flags interval
+       }
+
+       chain INPUT {
+               type filter hook input priority filter; policy drop;
+               ipsec in reqid . iif vmap @ipsec_in
+       }
+}
diff --git a/tests/shell/testcases/maps/vmap_unary b/tests/shell/testcases/maps/vmap_unary
new file mode 100755 (executable)
index 0000000..4038d1c
--- /dev/null
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table ip filter {
+       map ipsec_in {
+               typeof ipsec in reqid . iif : verdict
+               flags interval
+       }
+
+       chain INPUT {
+               type filter hook input priority 0; policy drop
+               ipsec in reqid . iif vmap @ipsec_in
+       }
+}"
+
+$NFT -f - <<< $RULESET
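Review bot: `$RULESET` is expanded unquoted in the here-string on the last line, and older bash releases word-split that expansion and rejoin it with single spaces, which would collapse the ruleset onto one line. That matters for this test because `policy drop` in the chain has no trailing semicolon and relies on the line break as its separator, so the load could fail for a reason unrelated to the datatype fix. Quoting keeps the text intact regardless of shell version: `$NFT -f - <<< "$RULESET"`.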