git.ipfire.org Git - thirdparty/nftables.git/commit

author	Florian Westphal <fw@strlen.de>
	Thu, 21 Dec 2023 10:25:14 +0000 (11:25 +0100)
committer	Florian Westphal <fw@strlen.de>
	Fri, 22 Dec 2023 10:57:46 +0000 (11:57 +0100)
commit	dcb199544563ded462cb7151134278f82a9e6cfd
tree	b1a1937e32bf5eda4126fb288751fdddb9fbda42	tree
parent	b9e19cc396347df8c7f8cf5d14ba1d6172040f16	commit \| diff

src: do not allow to chain more than 16 binops

netlink_linearize.c has never supported more than 16 chained binops.
Adding more is possible but overwrites the stack in
netlink_gen_bitwise().

Add a recursion counter to catch this at eval stage.

Its not enough to just abort once the counter hits
NFT_MAX_EXPR_RECURSION.

This is because there are valid test cases that exceed this.
For example, evaluation of 1 | 2 will merge the constans, so even
if there are a dozen recursive eval calls this will not end up
with large binop chain post-evaluation.

v2: allow more than 16 binops iff the evaluation function
did constant-merging.

Signed-off-by: Florian Westphal <fw@strlen.de>

include/expression.h		diff \| blob \| blame \| history
include/rule.h		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/netlink_linearize.c		diff \| blob \| blame \| history
tests/shell/testcases/bogons/nft-f/huge_binop_expr_chain_crash	[new file with mode: 0644]	blob