[PATCH nft] tcpopt: bogus assertion on undefined options

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Wed, 11 Aug 2021 05:43:45 +0200

# nft add rule x y tcp option 6 exists
 # nft list ruleset
 nft: tcpopt.c:208: tcpopt_init_raw: Assertion `expr->exthdr.desc != NULL' failed.
 Aborted

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1557
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/tcpopt.c                  |  3 ++-
 tests/py/any/tcpopt.t         |  1 +
 tests/py/any/tcpopt.t.json    | 17 +++++++++++++++++
 tests/py/any/tcpopt.t.payload |  5 +++++
 4 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/tcpopt.c b/src/tcpopt.c
index 05b5ee6e3a0b..53fe9bc860a8 100644
--- a/src/tcpopt.c
+++ b/src/tcpopt.c
@@ -200,7 +200,8 @@ void tcpopt_init_raw(struct expr *expr, uint8_t type, unsigned int off,
 	else
 		datatype_set(expr, &integer_type);
 
-	if (type >= array_size(tcpopt_protocols))
+	if (type >= array_size(tcpopt_protocols) ||
+	    !tcpopt_protocols[type])
 		return;
 
 	expr->exthdr.desc = tcpopt_protocols[type];
diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t
index f17a20b59492..bcc64eac2e21 100644
--- a/tests/py/any/tcpopt.t
+++ b/tests/py/any/tcpopt.t
@@ -31,6 +31,7 @@ tcp option timestamp length 1;ok
 tcp option timestamp tsval 1;ok
 tcp option timestamp tsecr 1;ok
 tcp option 255 missing;ok
+tcp option 6 exists;ok
 tcp option @255,8,8 255;ok
 
 tcp option foobar;fail
diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json
index 139e97d8f043..a45b4c8b5c58 100644
--- a/tests/py/any/tcpopt.t.json
+++ b/tests/py/any/tcpopt.t.json
@@ -414,6 +414,23 @@
     }
 ]
 
+# tcp option 6 exists
+[
+    {
+        "match": {
+            "left": {
+                "tcp option": {
+                    "base": 6,
+                    "len": 8,
+                    "offset": 0
+                }
+            },
+            "op": "==",
+            "right": true
+        }
+    }
+]
+
 # tcp option 255 missing
 [
     {
diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload
index 1005df32ab33..51f3a7527668 100644
--- a/tests/py/any/tcpopt.t.payload
+++ b/tests/py/any/tcpopt.t.payload
@@ -133,6 +133,11 @@ inet
   [ exthdr load tcpopt 1b @ 255 + 0 present => reg 1 ]
   [ cmp eq reg 1 0x00000000 ]
 
+# tcp option 6 exists
+inet
+  [ exthdr load tcpopt 1b @ 6 + 0 present => reg 1 ]
+  [ cmp eq reg 1 0x00000001 ]
+
 # tcp option @255,8,8 255
 inet
   [ exthdr load tcpopt 1b @ 255 + 1 => reg 1 ]
-- 
2.20.1







