From: Florian Westphal <fw@strlen.de>
Date: Mon, 4 Dec 2023 18:04:58 +0000 (+0100)
Subject: evaluate: disable meta set with ranges
X-Git-Tag: v1.1.0~182
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d99b44adc5cfc455fdafd9b4bdabd413edf9a38a;p=thirdparty%2Fnftables.git

evaluate: disable meta set with ranges

... this will cause an assertion in netlink linearization, catch this
at eval stage instead.

before:
BUG: unknown expression type range
nft: netlink_linearize.c:908: netlink_gen_expr: Assertion `0' failed.

after:
/unknown_expr_type_range_assert:3:31-40: Error: Meta expression cannot be a range
meta mark set 0x001-3434
              ^^^^^^^^^^

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 51ae276a..131b0a0e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3169,6 +3169,19 @@ static int stmt_evaluate_meta(struct eval_ctx *ctx, struct stmt *stmt)
 				&stmt->meta.expr);
 	ctx->stmt_len = 0;
 
+	if (ret < 0)
+		return ret;
+
+	switch (stmt->meta.expr->etype) {
+	case EXPR_RANGE:
+		ret = expr_error(ctx->msgs, stmt->meta.expr,
+				 "Meta expression cannot be a range");
+		break;
+	default:
+		break;
+
+	}
+
 	return ret;
 }
 
diff --git a/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert b/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert
new file mode 100644
index 00000000..234dd623
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert
@@ -0,0 +1,5 @@
+table ip x {
+        chain k {
+                meta mark set 0x001-3434
+        }
+}