Add assert() to validate that expression lists contain EXPR_SET_ELEM.
This allows to detect potential subtle bugs when dereferencing struct
expr.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
struct expr *new, *j;
list_for_each_entry(j, &expr_set(i->key->left)->expressions, list) {
+ assert(j->etype == EXPR_SET_ELEM);
+
new = mapping_expr_alloc(&i->location,
expr_get(j->key),
expr_get(i->key->right));
struct expr *set = rel->right, *i;
i = list_first_entry(&expr_set(set)->expressions, struct expr, list);
- if (i->etype == EXPR_SET_ELEM &&
- list_empty(&i->stmt_list)) {
+ assert (i->etype == EXPR_SET_ELEM);
+ if (list_empty(&i->stmt_list)) {
switch (i->key->etype) {
case EXPR_PREFIX:
case EXPR_RANGE:
LIST_HEAD(tmp);
list_for_each_entry_safe(expr, next, &expr_set(dev_expr)->expressions, list) {
- list_del(&expr->list);
-
- switch (expr->etype) {
- case EXPR_SET_ELEM:
- key = expr_clone(expr->key);
- expr_free(expr);
- expr = key;
- break;
- default:
- BUG("invalid expression type %s", expr_name(expr));
- break;
- }
+ assert(expr->etype == EXPR_SET_ELEM);
+ list_del(&expr->list);
+ key = expr_clone(expr->key);
+ expr_free(expr);
+ expr = key;
list_add(&expr->list, &tmp);
}
ops->pctx_update(ctx, &expr->location, left, right);
else if (right->etype == EXPR_SET) {
list_for_each_entry(i, &expr_set(right)->expressions, list) {
- if (i->etype == EXPR_SET_ELEM &&
- i->key->etype == EXPR_VALUE)
+ assert(i->etype == EXPR_SET_ELEM);
+
+ if (i->key->etype == EXPR_VALUE)
ops->pctx_update(ctx, &expr->location, left, i->key);
}
} else if (ops == &meta_expr_ops &&
nft_print(octx, "{ ");
list_for_each_entry(i, &expr_set(expr)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
nft_print(octx, "%s", d);
expr_print(i, octx);
count++;
{
struct expr *i, *next;
- list_for_each_entry_safe(i, next, &expr_set(expr)->expressions, list)
+ list_for_each_entry_safe(i, next, &expr_set(expr)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
expr_free(i);
+ }
}
static void set_expr_set_type(const struct expr *expr,
{
struct expr *i;
- list_for_each_entry(i, &expr_set(expr)->expressions, list)
+ list_for_each_entry(i, &expr_set(expr)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
expr_set_type(i, dtype, byteorder);
+ }
}
static const struct expr_ops set_expr_ops = {
mpz_init(rop);
list_for_each_entry_safe(i, next, &expr_set(ctx->init)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
if (expr_type_catchall(i->key))
continue;
struct expr *i, *elem;
list_for_each_entry(i, &expr_set(init)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
elem = interval_expr_key(i);
setelem_expr_to_range(elem);
}
setelem_automerge(&ctx);
list_for_each_entry_safe(i, next, &expr_set(init)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
if (i->flags & EXPR_F_KERNEL) {
list_move_tail(&i->list, &expr_set(existing_set->init)->expressions);
} else if (existing_set) {
mpz_init(rop);
list_for_each_entry_safe(elem, next, &expr_set(elems)->expressions, list) {
+ assert(elem->etype == EXPR_SET_ELEM);
+
i = interval_expr_key(elem);
if (expr_type_catchall(i->key)) {
mpz_init(rop);
list_for_each_entry_safe(elem, next, &expr_set(init)->expressions, list) {
+ assert(elem->etype == EXPR_SET_ELEM);
+
i = interval_expr_key(elem);
if (expr_type_catchall(i->key))
err = setelem_overlap(msgs, set, init);
list_for_each_entry_safe(i, n, &expr_set(init)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
if (i->flags & EXPR_F_KERNEL)
list_move_tail(&i->list, &expr_set(existing_set->init)->expressions);
else if (existing_set) {
mpz_t p;
list_for_each_entry_safe(i, n, &expr_set(init)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
elem = interval_expr_key(i);
if (expr_type_catchall(elem->key))
json_t *array = json_array();
const struct expr *i;
- list_for_each_entry(i, &expr_set(set->init)->expressions, list)
+ list_for_each_entry(i, &expr_set(set->init)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
json_array_append_new(array, expr_print_json(i, octx));
+ }
json_object_set_new(root, "elem", array);
}
json_t *array = json_array();
const struct expr *i;
- list_for_each_entry(i, &expr_set(expr)->expressions, list)
+ list_for_each_entry(i, &expr_set(expr)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
json_array_append_new(array, expr_print_json(i, octx));
+ }
return nft_json_pack("{s:o}", "set", array);
}
const struct expr *expr;
list_for_each_entry(expr, &expr_set(set)->expressions, list) {
+ assert(expr->etype == EXPR_SET_ELEM);
+
nlse = alloc_nftnl_setelem(set, expr);
nftnl_set_elem_add(nls, nlse);
}
struct expr *elem;
elem = list_first_entry(&expr_set(set->init)->expressions, struct expr, list);
+ assert(elem->etype == EXPR_SET_ELEM);
- if (elem->etype == EXPR_SET_ELEM &&
- elem->key->etype == EXPR_VALUE)
+ if (elem->key->etype == EXPR_VALUE)
payload_icmp_check(ctx, payload, elem->key);
}
}
expr_postprocess(ctx, &expr->right);
break;
case EXPR_SET:
- list_for_each_entry(i, &expr_set(expr)->expressions, list)
+ list_for_each_entry(i, &expr_set(expr)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
expr_postprocess(ctx, &i);
+ }
break;
case EXPR_CONCAT:
expr_postprocess_concat(ctx, exprp);
mappings = stmt_b->expr->mappings;
list_for_each_entry(expr, &expr_set(mappings)->expressions, list) {
+ assert(expr->etype == EXPR_SET_ELEM);
mapping = expr_clone(expr);
set_expr_add(stmt_a->expr->mappings, mapping);
}
switch (stmt_a->expr->right->etype) {
case EXPR_SET:
list_for_each_entry(expr, &expr_set(stmt_a->expr->right)->expressions, list) {
+ assert(expr->etype == EXPR_SET_ELEM);
concat_clone = expr_clone(concat);
clone = expr_clone(expr->key);
concat_expr_add(concat_clone, clone);
break;
case EXPR_SET:
list_for_each_entry(item, &expr_set(expr)->expressions, list) {
+ assert(item->etype == EXPR_SET_ELEM);
mapping = mapping_expr_alloc(&internal_location, expr_get(item->key),
expr_get(verdict->expr));
new_init = set_expr_alloc(&internal_location, NULL);
list_for_each_entry(i, &expr_set(init)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
switch (i->key->etype) {
case EXPR_VALUE:
set_elem_add(set, new_init, i->key->value,
mpz_init2(val, set->key->len);
list_for_each_entry(i, &expr_set(set->init)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
key = expr_value(i);
switch (key->etype) {
case EXPR_VALUE:
mpz_t range, p;
list_for_each_entry_safe(i, next, &expr_set(set)->expressions, list) {
+ assert(i->etype == EXPR_SET_ELEM);
+
if (!start) {
start = i;
continue;
projects / thirdparty / nftables.git / commitdiff
