git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 11 Jun 2024 15:40:23 +0000 (17:40 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 11 Jun 2024 21:32:56 +0000 (23:32 +0200)
commit	be055af5c58d9a4751990684d8f83b85082ca443
tree	b57a96b31e59a74c20dbf3a2f383101d2cdfaf50	tree
parent	1f321f86c45fce88a5bcd6f8eafa0157248c8b38	commit \| diff

cmd: skip variable set elements when collapsing commands

ASAN reports an issue when collapsing commands that represent an element
through a variable:

include/list.h:60:13: runtime error: member access within null pointer of type 'struct list_head'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==11398==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ffb77cf09c2 bp 0x7ffc818267c0 sp 0x7ffc818267a0 T0)
==11398==The signal is caused by a WRITE memory access.
==11398==Hint: address points to the zero page.
    #0 0x7ffb77cf09c2 in __list_add include/list.h:60
    #1 0x7ffb77cf0ad9 in list_add_tail include/list.h:87
    #2 0x7ffb77cf0e72 in list_move_tail include/list.h:169
    #3 0x7ffb77cf86ad in nft_cmd_collapse src/cmd.c:478
    #4 0x7ffb77da9f16 in nft_evaluate src/libnftables.c:531
    #5 0x7ffb77dac471 in __nft_run_cmd_from_filename src/libnftables.c:720
    #6 0x7ffb77dad703 in nft_run_cmd_from_filename src/libnftables.c:807

Skip such commands to address this issue.

This patch also extends tests/shell to cover for this bug.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1754
Fixes: 498a5f0c219d ("rule: collapse set element commands")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/cmd.c		diff \| blob \| blame \| history
tests/shell/testcases/sets/collapse_elem_0		diff \| blob \| blame \| history
tests/shell/testcases/sets/dumps/collapse_elem_0.json-nft		diff \| blob \| blame \| history
tests/shell/testcases/sets/dumps/collapse_elem_0.nft		diff \| blob \| blame \| history