From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 10 Jun 2019 11:51:20 +0000 (+0200)
Subject: expression: use expr_clone() from verdict_expr_clone()
X-Git-Tag: v0.9.1~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aaf0167f2615372c1baaff327d1fb89d4297a52a;p=thirdparty%2Fnftables.git

expression: use expr_clone() from verdict_expr_clone()

Chains are now expressions, do not assume a constant value is used.

==26302== Process terminating with default action of signal 11 (SIGSEGV)
==26302==  Access not within mapped region at address 0x50
==26302==    at 0x67D7EE7: __gmpz_init_set (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.3.2)
==26302==    by 0x4E61224: expr_clone (expression.c:65)
==26302==    by 0x4E7898B: interval_map_decompose (segtree.c:943)
==26302==    by 0x4E6DDA0: netlink_list_setelems (netlink.c:882)
==26302==    by 0x4E5A806: cache_init_objects (rule.c:166)
==26302==    by 0x4E5A806: cache_init (rule.c:216)
==26302==    by 0x4E5A806: cache_update (rule.c:266)
==26302==    by 0x4E7E0EE: nft_evaluate (libnftables.c:388)
==26302==    by 0x4E7E8AB: nft_run_cmd_from_buffer (libnftables.c:428)

Fixes: f1e8a129ee42 ("src: Introduce chain_expr in jump and goto statements")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/expression.c b/src/expression.c
index a41e2dafe..ef694f2a1 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -217,7 +217,7 @@ static void verdict_expr_clone(struct expr *new, const struct expr *expr)
 {
 	new->verdict = expr->verdict;
 	if (expr->chain != NULL)
-		mpz_init_set(new->chain->value, expr->chain->value);
+		new->chain = expr_clone(expr->chain);
 }
 
 static void verdict_expr_destroy(struct expr *expr)