From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 10 Jun 2024 17:08:20 +0000 (+0200)
Subject: monitor: too large shift exponent displaying payload expression
X-Git-Tag: v1.0.6.1~203
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cefd040c51e07ed91d9a6a112afd27ef37a6f3a4;p=thirdparty%2Fnftables.git

monitor: too large shift exponent displaying payload expression

commit 016f37f1268fa1003c46c66655697d3f58d86598 upstream.

ASAN reports too large shift exponent when displaying traces for raw
payload expression:

  trace id ec23e848 ip x y packet: oif "wlan0" src/netlink.c:2100:32: runtime error: shift exponent 1431657095 is too large for 32-bit type 'int'

skip if proto_unknown_template is set on in this payload expression.

Fixes: be5d9120e81e ("nft monitor [ trace ]")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/netlink.c b/src/netlink.c
index 24dd7fa9..853a1e3e 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -2046,6 +2046,7 @@ restart:
 		/* Skip unknown and filtered expressions */
 		desc = lhs->payload.desc;
 		if (lhs->dtype == &invalid_type ||
+		    lhs->payload.tmpl == &proto_unknown_template ||
 		    desc->checksum_key == payload_hdr_field(lhs) ||
 		    desc->format.filter & (1 << payload_hdr_field(lhs))) {
 			expr_free(lhs);