evaluate: fix crash with invalid elements in set

ctx->ectx.key can be cleared, causing a crash:

src/nft --check -f tests/shell/testcases/bogons/nft-f/set_with_bad_elem
AddressSanitizer:DEADLYSIGNAL
    #0 0x7ffb57098c0d in elem_key_compatible src/evaluate.c:1934
    #1 0x7ffb5709926d in expr_evaluate_set_elem src/evaluate.c:1979
    #2 0x7ffb570a540f in expr_evaluate src/evaluate.c:3159
    #3 0x7ffb57095f33 in list_member_evaluate src/evaluate.c:1652
    #4 0x7ffb57099f92 in expr_evaluate_set src/evaluate.c:2066
    #5 0x7ffb570a53f7 in expr_evaluate src/evaluate.c:3157
    ..
AddressSanitizer: SEGV src/evaluate.c:1934 in elem_key_compatible

After:
set_with_bad_elem:4:39-46: Error: Element mismatches set definition, expected IPv4 address, not 'integer'
  elements = { 1.2.3.4, tcp << 8 }
                        ^^^^^^^^

Use ctx->set->key instead.

Fixes: 7f4d7fef31bd ("evaluate: check element key vs. set definition")
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/evaluate.c b/src/evaluate.c
index 9c9059086058587273ad16953a56dd42bb804061..f7e97ef7ea10f52facd1f48aa7f734446edce4c7 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1976,11 +1976,11 @@ static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr)
                }
        }
 
-       if (ctx->set && !elem_key_compatible(ctx->ectx.key, elem->key))
+       if (ctx->set && !elem_key_compatible(ctx->set->key, elem->key))
                return expr_error(ctx->msgs, elem,
                                  "Element mismatches %s definition, expected %s, not '%s'",
                                  set_is_map(ctx->set->flags) ? "map" : "set",
-                                 ctx->ectx.key->dtype->desc, elem->key->dtype->desc);
+                                 ctx->set->key->dtype->desc, elem->key->dtype->desc);
 
        datatype_set(elem, elem->key->dtype);
        elem->len   = elem->key->len;

diff --git a/tests/shell/testcases/bogons/nft-f/set_with_bad_elem b/tests/shell/testcases/bogons/nft-f/set_with_bad_elem
new file mode 100644 (file)
index 0000000..626ad08
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/set_with_bad_elem
@@ -0,0 +1,6 @@
+table t {
+        set y {
+                typeof ip daddr
+                elements = { 1.2.3.4, tcp << 8 }
+        }
+}