From: Florian Westphal Date: Thu, 11 Jan 2024 12:11:22 +0000 (+0100) Subject: payload: only assert if l2 header base has no length X-Git-Tag: v1.1.0~123 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=9cc41467c75ab6beb35e0d7c34d04acd1a44861b;p=thirdparty%2Fnftables.git payload: only assert if l2 header base has no length nftables will assert in some cases because the sanity check is done even for network and transport header bases. However, stacked headers are only supported for the link layer. Move the assertion around and add a test case for this. Signed-off-by: Florian Westphal --- diff --git a/src/payload.c b/src/payload.c index 5de3d320..44aa834c 100644 --- a/src/payload.c +++ b/src/payload.c @@ -118,11 +118,10 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx, assert(desc->base <= PROTO_BASE_MAX); if (desc->base == base->base) { - assert(base->length > 0); - if (!left->payload.is_raw) { if (desc->base == PROTO_BASE_LL_HDR && ctx->stacked_ll_count < PROTO_CTX_NUM_PROTOS) { + assert(base->length > 0); ctx->stacked_ll[ctx->stacked_ll_count] = base; ctx->stacked_ll_count++; } diff --git a/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert b/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert new file mode 100644 index 00000000..64bd596a --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert @@ -0,0 +1 @@ +x x comp nexthdr comp
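Review bot: In the src/payload.c hunk, the relocated `assert(base->length > 0);` now sits inside the `desc->base == PROTO_BASE_LL_HDR && ctx->stacked_ll_count < PROTO_CTX_NUM_PROTOS` branch, so the check is skipped once `stacked_ll_count` reaches `PROTO_CTX_NUM_PROTOS` and is still an abort path for a link-layer base. The old position was reachable from a ruleset file, as the new bogons/nft-f test case shows. If a link-layer base with zero length can also be produced from input, returning an error would be preferable to asserting. At minimum, add a comment at the assert stating that a zero length is only invalid here because stacked headers are supported only for the link layer. That reasoning is currently in the commit message but not in the code.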
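Review bot: The new file tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert contains only the single input `x x comp nexthdr comp`, which covers the case that tripped the assertion at its old position. Nothing in the patch exercises the link-layer branch where the assert was kept. Consider adding a companion test case with stacked link-layer headers so the surviving assertion is checked against valid input as well.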