From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 16 Mar 2021 23:44:09 +0000 (+0100)
Subject: segtree: release single element already contained in an interval
X-Git-Tag: v0.9.9~75
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd54a9bb2da0686ad3684741f3b8f6696639013f;p=thirdparty%2Fnftables.git

segtree: release single element already contained in an interval

Before this patch:

 table ip x {
        chain y {
                ip saddr { 1.1.1.1-1.1.1.2, 1.1.1.1 }
        }
 }

results in:

 table ip x {
        chain y {
                ip saddr { 1.1.1.1 }
        }
 }

due to incorrect interval merge logic.

If the element 1.1.1.1 is already contained in an existing interval
1.1.1.1-1.1.1.2, release it.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1512
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/segtree.c b/src/segtree.c
index 9aa39e52d..ad1993555 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -210,6 +210,12 @@ static int ei_insert(struct list_head *msgs, struct seg_tree *tree,
 			ei = lei;
 			goto err;
 		}
+		/* single element contained in an existing interval */
+		if (mpz_cmp(new->left, new->right) == 0) {
+			ei_destroy(new);
+			goto out;
+		}
+
 		/*
 		 * The new interval is entirely contained in the same interval,
 		 * split it into two parts:
@@ -277,7 +283,7 @@ static int ei_insert(struct list_head *msgs, struct seg_tree *tree,
 	}
 
 	__ei_insert(tree, new);
-
+out:
 	mpz_clear(p);
 
 	return 0;
diff --git a/tests/shell/testcases/sets/0061anonymous_automerge_0 b/tests/shell/testcases/sets/0061anonymous_automerge_0
new file mode 100755
index 000000000..2dfb800e1
--- /dev/null
+++ b/tests/shell/testcases/sets/0061anonymous_automerge_0
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table ip x {
+	chain y {
+		ip saddr { 1.1.1.1-1.1.1.2, 1.1.1.1 }
+	}
+}"
+
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/sets/dumps/0061anonymous_automerge_0.nft b/tests/shell/testcases/sets/dumps/0061anonymous_automerge_0.nft
new file mode 100644
index 000000000..04361f4c5
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0061anonymous_automerge_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+	chain y {
+		ip saddr { 1.1.1.1-1.1.1.2 }
+	}
+}