|
|
1374ad |
From 805fe6f5c9c8f2af78d8e94bd6b5c33724df3c80 Mon Sep 17 00:00:00 2001
|
|
|
1374ad |
From: Phil Sutter <psutter@redhat.com>
|
|
|
1374ad |
Date: Tue, 18 May 2021 18:16:21 +0200
|
|
|
1374ad |
Subject: [PATCH] evaluate: Reject quoted strings containing only wildcard
|
|
|
1374ad |
|
|
|
1374ad |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1818117
|
|
|
1374ad |
Upstream Status: nftables commit 032c9f745c6da
|
|
|
1374ad |
|
|
|
1374ad |
commit 032c9f745c6daab8c27176a95963b1c32b0a5d12
|
|
|
1374ad |
Author: Phil Sutter <phil@nwl.cc>
|
|
|
1374ad |
Date: Thu Sep 24 17:38:45 2020 +0200
|
|
|
1374ad |
|
|
|
1374ad |
evaluate: Reject quoted strings containing only wildcard
|
|
|
1374ad |
|
|
|
1374ad |
Fix for an assertion fail when trying to match against an all-wildcard
|
|
|
1374ad |
interface name:
|
|
|
1374ad |
|
|
|
1374ad |
| % nft add rule t c iifname '"*"'
|
|
|
1374ad |
| nft: expression.c:402: constant_expr_alloc: Assertion `(((len) + (8) - 1) / (8)) > 0' failed.
|
|
|
1374ad |
| zsh: abort nft add rule t c iifname '"*"'
|
|
|
1374ad |
|
|
|
1374ad |
Fix this by detecting the string in expr_evaluate_string() and returning
|
|
|
1374ad |
an error message:
|
|
|
1374ad |
|
|
|
1374ad |
| % nft add rule t c iifname '"*"'
|
|
|
1374ad |
| Error: All-wildcard strings are not supported
|
|
|
1374ad |
| add rule t c iifname "*"
|
|
|
1374ad |
| ^^^
|
|
|
1374ad |
|
|
|
1374ad |
While being at it, drop the 'datalen >= 1' clause from the following
|
|
|
1374ad |
conditional as together with the added check for 'datalen == 0', all
|
|
|
1374ad |
possible other values have been caught already.
|
|
|
1374ad |
---
|
|
|
1374ad |
src/evaluate.c | 7 +++++--
|
|
|
1374ad |
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
1374ad |
|
|
|
1374ad |
diff --git a/src/evaluate.c b/src/evaluate.c
|
|
|
1374ad |
index a966ed4..0181750 100644
|
|
|
1374ad |
--- a/src/evaluate.c
|
|
|
1374ad |
+++ b/src/evaluate.c
|
|
|
1374ad |
@@ -321,8 +321,11 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp)
|
|
|
1374ad |
return 0;
|
|
|
1374ad |
}
|
|
|
1374ad |
|
|
|
1374ad |
- if (datalen >= 1 &&
|
|
|
1374ad |
- data[datalen - 1] == '\\') {
|
|
|
1374ad |
+ if (datalen == 0)
|
|
|
1374ad |
+ return expr_error(ctx->msgs, expr,
|
|
|
1374ad |
+ "All-wildcard strings are not supported");
|
|
|
1374ad |
+
|
|
|
1374ad |
+ if (data[datalen - 1] == '\\') {
|
|
|
1374ad |
char unescaped_str[data_len];
|
|
|
1374ad |
|
|
|
1374ad |
memset(unescaped_str, 0, sizeof(unescaped_str));
|
|
|
1374ad |
--
|
|
|
bfbb76 |
2.31.1
|
|
|
1374ad |
|