Pablo reports following list bug:
table ip foo {
map whitelist {
typeof ip saddr . ip daddr : meta mark
elements = { 0x0 [invalid type] . 0x0 [invalid type] : 0x00000001,
0x0 [invalid type] . 0x0 [invalid type] : 0x00000002 }
}
}
Problem is that concat provided 'invalid' dtype.
Reported-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/expression.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/expression.c b/src/expression.c
index 863cf86ec1d0..6605beb30407 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -906,8 +906,9 @@ static int concat_parse_udata_nested(const struct nftnl_udata *attr, void *data)
static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr)
{
const struct nftnl_udata *ud[NFTNL_UDATA_SET_KEY_CONCAT_NEST_MAX] = {};
+ const struct datatype *dtype;
struct expr *concat_expr;
- struct datatype *dtype;
+ uint32_t dt = 0;
unsigned int i;
int err;
@@ -920,8 +921,6 @@ static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr)
if (!concat_expr)
return NULL;
- dtype = xzalloc(sizeof(*dtype));
-
for (i = 0; i < array_size(ud); i++) {
const struct nftnl_udata *nest_ud[NFTNL_UDATA_SET_KEY_CONCAT_SUB_MAX];
const struct nftnl_udata *nested, *subdata;
@@ -948,11 +947,14 @@ static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr)
if (!expr)
goto err_free;
- dtype->subtypes++;
+ dt = concat_subtype_add(dt, expr->dtype->type);
compound_expr_add(concat_expr, expr);
- dtype->size += round_up(expr->len, BITS_PER_BYTE * sizeof(uint32_t));
}
+ dtype = concat_type_alloc(dt);
+ if (!dtype)
+ goto err_free;
+
concat_expr->dtype = dtype;
concat_expr->len = dtype->size;
--
2.24.1
