Blame SOURCES/0045-evaluate-Reject-quoted-strings-containing-only-wildc.patch

1374ad
From 805fe6f5c9c8f2af78d8e94bd6b5c33724df3c80 Mon Sep 17 00:00:00 2001
1374ad
From: Phil Sutter <psutter@redhat.com>
1374ad
Date: Tue, 18 May 2021 18:16:21 +0200
1374ad
Subject: [PATCH] evaluate: Reject quoted strings containing only wildcard
1374ad
1374ad
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1818117
1374ad
Upstream Status: nftables commit 032c9f745c6da
1374ad
1374ad
commit 032c9f745c6daab8c27176a95963b1c32b0a5d12
1374ad
Author: Phil Sutter <phil@nwl.cc>
1374ad
Date:   Thu Sep 24 17:38:45 2020 +0200
1374ad
1374ad
    evaluate: Reject quoted strings containing only wildcard
1374ad
1374ad
    Fix for an assertion fail when trying to match against an all-wildcard
1374ad
    interface name:
1374ad
1374ad
    | % nft add rule t c iifname '"*"'
1374ad
    | nft: expression.c:402: constant_expr_alloc: Assertion `(((len) + (8) - 1) / (8)) > 0' failed.
1374ad
    | zsh: abort      nft add rule t c iifname '"*"'
1374ad
1374ad
    Fix this by detecting the string in expr_evaluate_string() and returning
1374ad
    an error message:
1374ad
1374ad
    | % nft add rule t c iifname '"*"'
1374ad
    | Error: All-wildcard strings are not supported
1374ad
    | add rule t c iifname "*"
1374ad
    |                      ^^^
1374ad
1374ad
    While being at it, drop the 'datalen >= 1' clause from the following
1374ad
    conditional as together with the added check for 'datalen == 0', all
1374ad
    possible other values have been caught already.
1374ad
---
1374ad
 src/evaluate.c | 7 +++++--
1374ad
 1 file changed, 5 insertions(+), 2 deletions(-)
1374ad
1374ad
diff --git a/src/evaluate.c b/src/evaluate.c
1374ad
index a966ed4..0181750 100644
1374ad
--- a/src/evaluate.c
1374ad
+++ b/src/evaluate.c
1374ad
@@ -321,8 +321,11 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp)
1374ad
 		return 0;
1374ad
 	}
1374ad
 
1374ad
-	if (datalen >= 1 &&
1374ad
-	    data[datalen - 1] == '\\') {
1374ad
+	if (datalen == 0)
1374ad
+		return expr_error(ctx->msgs, expr,
1374ad
+				  "All-wildcard strings are not supported");
1374ad
+
1374ad
+	if (data[datalen - 1] == '\\') {
1374ad
 		char unescaped_str[data_len];
1374ad
 
1374ad
 		memset(unescaped_str, 0, sizeof(unescaped_str));
1374ad
-- 
bfbb76
2.31.1
1374ad