From: Florian Westphal
Date: Tue, 5 Aug 2025 19:40:14 +0000 (+0200)
Subject: evaluate: check XOR RHS operand is a constant value
X-Git-Tag: v1.1.5~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e20f54ef678c277c733055ef74f4515d6491c64;p=thirdparty%2Fnftables.git
evaluate: check XOR RHS operand is a constant value
Now that we support non-constant RHS side in binary operations, reject XOR with non-constant key: we cannot transfer the expression.
Fixes: 54bfc38c522b ("src: allow binop expressions with variable right-hand operands")
Signed-off-by: Florian Westphal
Reviewed-by: Pablo Neira Ayuso
---
diff --git a/src/evaluate.c b/src/evaluate.c
index 8f037601..0a430c82 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2578,16 +2578,20 @@ static int binop_can_transfer(struct eval_ctx *ctx,
 switch (left->op) {
 case OP_LSHIFT:
+ assert(left->right->etype == EXPR_VALUE);
+ assert(right->etype == EXPR_VALUE);
+
 if (mpz_scan1(right->value, 0) < mpz_get_uint32(left->right->value))
 return expr_binary_error(ctx->msgs, right, left, "Comparison is always false");
 return 1;
 case OP_RSHIFT:
+ assert(left->right->etype == EXPR_VALUE);
 if (ctx->ectx.len < right->len + mpz_get_uint32(left->right->value))
 ctx->ectx.len += mpz_get_uint32(left->right->value);
 return 1;
 case OP_XOR:
- return 1;
+ return expr_is_constant(left->right);
 default:
 return 0;
 }
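Review bot: The three added `assert(... == EXPR_VALUE)` lines in the OP_LSHIFT and OP_RSHIFT cases are the only type check before `mpz_scan1(right->value, 0)` and `mpz_get_uint32(left->right->value)`, so a build with NDEBUG would read `value` from an expression of another type, and a normal build aborts on ruleset input instead of reporting an error. Whether an earlier evaluation step already rejects non-constant shift operands is not visible in this hunk; if it does not, a returned result is safer than an assertion, e.g. `if (left->right->etype != EXPR_VALUE || right->etype != EXPR_VALUE) return 0;`, matching the `default:` case. The same question applies to OP_XOR: `expr_is_constant(left->right)` presumably tests a constness flag rather than the expression type, so a one-line comment stating what the later transfer code assumes about `left->right` would help. The body of binop_can_transfer starts before the hunk.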