From: Florian Westphal <fw@strlen.de>
Date: Thu, 14 Dec 2023 16:56:59 +0000 (+0100)
Subject: evaluate: exthdr: statement arg must be not be a range
X-Git-Tag: v1.0.6.1~272
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7a0fd52f19f7fc5f10d1a6008e166c003ad3ed2f;p=thirdparty%2Fnftables.git

evaluate: exthdr: statement arg must be not be a range

commit 8eeedce89d8bf0ad58da398782c2ca8a91d83a32 upstream.

Else we get:
BUG: unknown expression type range
nft: src/netlink_linearize.c:909: netlink_gen_expr: Assertion `0' failed.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index e16f8f62..9778750b 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2890,14 +2890,27 @@ static bool stmt_evaluate_payload_need_csum(const struct expr *payload)
 static int stmt_evaluate_exthdr(struct eval_ctx *ctx, struct stmt *stmt)
 {
 	struct expr *exthdr;
+	int ret;
 
 	if (__expr_evaluate_exthdr(ctx, &stmt->exthdr.expr) < 0)
 		return -1;
 
 	exthdr = stmt->exthdr.expr;
-	return stmt_evaluate_arg(ctx, stmt, exthdr->dtype, exthdr->len,
-				 BYTEORDER_BIG_ENDIAN,
-				 &stmt->exthdr.val);
+	ret = stmt_evaluate_arg(ctx, stmt, exthdr->dtype, exthdr->len,
+				BYTEORDER_BIG_ENDIAN,
+				&stmt->exthdr.val);
+	if (ret < 0)
+		return ret;
+
+	switch (stmt->exthdr.val->etype) {
+	case EXPR_RANGE:
+		return expr_error(ctx->msgs, stmt->exthdr.val,
+				   "cannot be a range");
+	default:
+		break;
+	}
+
+	return 0;
 }
 
 static int stmt_evaluate_payload(struct eval_ctx *ctx, struct stmt *stmt)
diff --git a/tests/shell/testcases/bogons/nft-f/exthdr_with_range_bug b/tests/shell/testcases/bogons/nft-f/exthdr_with_range_bug
new file mode 100644
index 00000000..e307e7cc
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/exthdr_with_range_bug
@@ -0,0 +1 @@
+add rule t c ip option ra set 0-1