concat: provide proper dtype when parsing typeof udata

Pablo reports following list bug:
table ip foo {
        map whitelist {
                typeof ip saddr . ip daddr : meta mark
                elements = { 0x0 [invalid type] . 0x0 [invalid type] : 0x00000001,
                             0x0 [invalid type] . 0x0 [invalid type] : 0x00000002 }
        }
}

Problem is that concat provided 'invalid' dtype.

Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/expression.c b/src/expression.c
index 863cf86ec1d0570a94f089b76d2bb9cb1a535a77..6605beb304070fba80b7a677010ad99b80eef873 100644 (file)
--- a/src/expression.c
+++ b/src/expression.c
@@ -906,8 +906,9 @@ static int concat_parse_udata_nested(const struct nftnl_udata *attr, void *data)
 static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr)
 {
        const struct nftnl_udata *ud[NFTNL_UDATA_SET_KEY_CONCAT_NEST_MAX] = {};
+       const struct datatype *dtype;
        struct expr *concat_expr;
-       struct datatype *dtype;
+       uint32_t dt = 0;
        unsigned int i;
        int err;
 
@@ -920,8 +921,6 @@ static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr)
        if (!concat_expr)
                return NULL;
 
-       dtype = xzalloc(sizeof(*dtype));
-
        for (i = 0; i < array_size(ud); i++) {
                const struct nftnl_udata *nest_ud[NFTNL_UDATA_SET_KEY_CONCAT_SUB_MAX];
                const struct nftnl_udata *nested, *subdata;
@@ -948,11 +947,14 @@ static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr)
                if (!expr)
                        goto err_free;
 
-               dtype->subtypes++;
+               dt = concat_subtype_add(dt, expr->dtype->type);
                compound_expr_add(concat_expr, expr);
-               dtype->size += round_up(expr->len, BITS_PER_BYTE * sizeof(uint32_t));
        }
 
+       dtype = concat_type_alloc(dt);
+       if (!dtype)
+               goto err_free;
+
        concat_expr->dtype = dtype;
        concat_expr->len = dtype->size;
 

diff --git a/tests/shell/testcases/maps/dumps/typeof_maps_0.nft b/tests/shell/testcases/maps/dumps/typeof_maps_0.nft
index 4361ca3d91062e1b96fd64bdc25dd89219c86734..faa73cd1af84b41c9e22090c41a96e5319b5e000 100644 (file)
--- a/tests/shell/testcases/maps/dumps/typeof_maps_0.nft
+++ b/tests/shell/testcases/maps/dumps/typeof_maps_0.nft
@@ -9,8 +9,15 @@ table inet t {
                elements = { 1 : 0x00000001, 4095 : 0x00004095 }
        }
 
+       map m3 {
+               typeof ip saddr . ip daddr : meta mark
+               elements = { 1.2.3.4 . 5.6.7.8 : 0x00000001,
+                            2.3.4.5 . 6.7.8.9 : 0x00000002 }
+       }
+
        chain c {
                ct mark set osf name map @m1
                meta mark set vlan id map @m2
+               meta mark set ip saddr . ip daddr map @m3
        }
 }

diff --git a/tests/shell/testcases/maps/typeof_maps_0 b/tests/shell/testcases/maps/typeof_maps_0
index 950bbf1ce9ecad75cb3c233aa177ddc801c41b25..e1c4bba9f182ac6f82b620f1af17bce0f64cc867 100755 (executable)
--- a/tests/shell/testcases/maps/typeof_maps_0
+++ b/tests/shell/testcases/maps/typeof_maps_0
@@ -16,9 +16,16 @@ EXPECTED="table inet t {
                             4095 : 0x4095 }
        }
 
+       map m3 {
+               typeof ip saddr . ip daddr : meta mark
+               elements = { 1.2.3.4 . 5.6.7.8 : 0x00000001,
+                            2.3.4.5 . 6.7.8.9 : 0x00000002 }
+       }
+
        chain c {
                ct mark set osf name map @m1
                ether type vlan meta mark set vlan id map @m2
+               meta mark set ip saddr . ip daddr map @m3
        }
 }"