git.ipfire.org Git - thirdparty/nftables.git/commit
evaluate: fix crash with invalid elements in set
author Florian Westphal <fw@strlen.de>
Sun, 13 Jul 2025 21:59:30 +0000 (23:59 +0200)
committer Florian Westphal <fw@strlen.de>
Wed, 16 Jul 2025 18:36:27 +0000 (20:36 +0200)
commit 8cb7cfc2d8c7f2d8dec804ab028883c1d260e717
tree 0bd797d0b263df47bc7ab9ebb3c6ff7edc34867b
parent fda6e2a0486804a68c352f384aedd549b7e81a40

ctx->ectx.key can be cleared, causing a crash:

src/nft --check -f tests/shell/testcases/bogons/nft-f/set_with_bad_elem
AddressSanitizer:DEADLYSIGNAL
    #0 0x7ffb57098c0d in elem_key_compatible src/evaluate.c:1934
    #1 0x7ffb5709926d in expr_evaluate_set_elem src/evaluate.c:1979
    #2 0x7ffb570a540f in expr_evaluate src/evaluate.c:3159
    #3 0x7ffb57095f33 in list_member_evaluate src/evaluate.c:1652
    #4 0x7ffb57099f92 in expr_evaluate_set src/evaluate.c:2066
    #5 0x7ffb570a53f7 in expr_evaluate src/evaluate.c:3157
    ..
AddressSanitizer: SEGV src/evaluate.c:1934 in elem_key_compatible

After:
set_with_bad_elem:4:39-46: Error: Element mismatches set definition, expected IPv4 address, not 'integer'
  elements = { 1.2.3.4, tcp << 8 }
                        ^^^^^^^^

Use ctx->set->key instead.

Fixes: 7f4d7fef31bd ("evaluate: check element key vs. set definition")
Signed-off-by: Florian Westphal <fw@strlen.de>
src/evaluate.c
tests/shell/testcases/bogons/nft-f/set_with_bad_elem [new file with mode: 0644]
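
The bug class named in the commit message, as an added C example that is not nftables code: a check that reads the set key from per-evaluation scratch state dereferences NULL once that state has been cleared, while reading it from the set definition stays valid. All type and function names are hypothetical, and the nested-evaluation reset is an assumed stand-in for how the key gets cleared, which this page does not show.

```c
#include <stddef.h>
#include <string.h>
/* Simplified stand-ins; every type and name here is hypothetical. */
enum dtype { DT_INTEGER, DT_IPV4 };
struct expr { enum dtype dtype; const struct expr *child; };
struct set  { const struct expr *key; };        /* set definition: stable */
struct eval_ctx {
    const struct set *set;
    struct { const struct expr *key; } ectx;    /* scratch: may be reset */
};
/* Assumed mechanism: evaluating a nested expression resets the scratch state. */
static void eval_expr(struct eval_ctx *ctx, const struct expr *e)
{
    if (e->child) {
        memset(&ctx->ectx, 0, sizeof(ctx->ectx));
        eval_expr(ctx, e->child);
    }
}

static int key_compatible(const struct expr *set_key, const struct expr *elem)
{
    return set_key->dtype == elem->dtype;       /* dereferences set_key */
}

/* "Before" pattern: trusts the scratch pointer, which may be NULL by now. */
int check_elem_before(struct eval_ctx *ctx, const struct expr *elem)
{
    eval_expr(ctx, elem);
    return key_compatible(ctx->ectx.key, elem) ? 0 : -1;
}

/* "After" pattern: reads the key from the set definition itself. */
int check_elem_after(struct eval_ctx *ctx, const struct expr *elem)
{
    eval_expr(ctx, elem);
    return key_compatible(ctx->set->key, elem) ? 0 : -1;
}

/* Constructed input mirroring { 1.2.3.4, tcp << 8 }; results packed as bits. */
int demo(void)
{
    struct expr key = { DT_IPV4, NULL }, addr = { DT_IPV4, NULL };
    struct expr tcp = { DT_INTEGER, NULL }, shift = { DT_INTEGER, &tcp };
    struct set s = { &key };
    struct eval_ctx ctx = { &s, { &key } };
    int good = check_elem_after(&ctx, &addr);   /* address element: accepted */
    int bad = check_elem_after(&ctx, &shift);   /* shift element: rejected */
    return (good == 0) | ((bad == -1) << 1) | ((ctx.ectx.key == NULL) << 2);
}
```

Passing the `shift` element to `check_elem_before` instead would dereference the cleared scratch pointer, which is the kind of fault the AddressSanitizer trace reports.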