]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c9f934c) | patch
intervals: BUG on prefix expressions without value
authorFlorian Westphal <fw@strlen.de>
Tue, 19 Dec 2023 11:14:37 +0000 (12:14 +0100)
committerFlorian Westphal <fw@strlen.de>
Tue, 19 Dec 2023 15:10:37 +0000 (16:10 +0100)
commit49721e28db3e7b28f443bf963547c12f4dcf856d
treeebd1952051ffc24d89767d55995e7720fadaa75ftree
parentc9f934ca446de5041ce6f19e4ee6a0c74b120186commit | diff
intervals: BUG on prefix expressions without value

Its possible to end up with prefix expressions that have
a symbolic expression, e.g.:

table t {
        set s {
                type inet_service
                flags interval
                elements = { 172.16.0.0/16 }
        }

        set s {
                type inet_service
                flags interval
                elements = { 0-1024, 8080-8082, 10000-40000 }
        }
}

Without this change, nft will crash.  We end up in setelem_expr_to_range()
with prefix "/16" for the symbolic expression "172.16.0.0".

We than pass invalid mpz_t pointer into libgmp.

This isn't a real fix, but instead of blindly assuming that the attached
expression has a gmp value die with at least some info.

Signed-off-by: Florian Westphal <fw@strlen.de>
src/intervals.c diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables