Hi Jeremy,

On Fri, Dec 16, 2022 at 08:27:14PM +0000, Jeremy Sowden wrote:
> The action associated with the `{numberstring}` pattern, passes `yytext`
> to `strtoull` with base 0:
>
> 	errno = 0;
> 	yylval->val = strtoull(yytext, NULL, 0);
> 	if (errno != 0) {
> 		yylval->string = xstrdup(yytext);
> 		return STRING;
> 	}
> 	return NUM;
>
> If `yytext` begins with '0', it will be parsed as octal.  However, this
> has unexpected consequences if the token contains non-octal characters.
> `09` will be parsed as 0; `0308` will be parsed as 24, because
> `strtoull` and its siblings stop parsing as soon as they reach a
> character in the input which is not valid for the base.
>
> Replace the `{numberstring}` match with separate `{hexstring}` and
> `{decstring}` matches.  For `{decstring}` set the base to 8 if the
> leading character is '0', and handle an incompletely parsed token in
> the same way as one that causes `strtoull` to set `errno`.
>
> Thus, instead of:
>
>   $ sudo nft -f - <<<'
>     table x {
>       chain y {
>         ip saddr 0308 continue comment "parsed as 0.0.0.24/32"
>       }
>     }
>   '
>   $ sudo nft list chain x y
>   table ip x {
>     chain y {
>       ip saddr 0.0.0.24 continue comment "parsed as 0.0.0.24/32"
>     }
>   }
>
> We get:
>
>   $ sudo ./src/nft -f - <<<'
>   > table x {
>   >   chain y {
>   >     ip saddr 0308 continue comment "error"
>   >   }
>   > }
>   > '
>   /dev/stdin:4:14-17: Error: Could not resolve hostname: Name or service not known
>       ip saddr 0308 continue comment "error"
>                ^^^^
>
> Add a test-case.

Applied, thanks.

I am sorry I missed this patch before the release.
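
The two behaviours the commit message contrasts, as an added C example (not the nftables scanner code and not part of this thread): `lex_base0` mirrors the quoted action, `lex_strict` applies the described check to the decimal/octal case only. The function names, the `struct token` type and the sample tokens are assumptions made for the illustration.

```c
/* Added example, not nftables code. lex_base0/lex_strict are hypothetical names. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

enum kind { NUM, STRING };
struct token { enum kind kind; unsigned long long val; };

/* Behaviour quoted in the commit message: base 0, only errno is checked. */
static struct token lex_base0(const char *text)
{
	struct token t = { NUM, 0 };

	errno = 0;
	t.val = strtoull(text, NULL, 0);
	if (errno != 0)
		t.kind = STRING;
	return t;
}

/* Checked variant: base 8 on a leading '0', otherwise 10; a token that
 * strtoull() did not consume completely is treated like an errno failure. */
static struct token lex_strict(const char *text)
{
	struct token t = { NUM, 0 };
	char *end;

	errno = 0;
	t.val = strtoull(text, &end, text[0] == '0' ? 8 : 10);
	if (errno != 0 || end == text || *end != '\0')
		t.kind = STRING;
	return t;
}

int main(void)
{
	/* Constructed sample tokens; the first two are the ones from the message. */
	const char *samples[] = { "0308", "09", "0300", "308", "99999999999999999999999" };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		struct token a = lex_base0(samples[i]), b = lex_strict(samples[i]);

		printf("%-24s base0: %s %llu | strict: %s %llu\n", samples[i],
		       a.kind == NUM ? "NUM" : "STRING", a.val,
		       b.kind == NUM ? "NUM" : "STRING", b.val);
	}
	return 0;
}
```

The `*end != '\0'` test is what turns a silently truncated address such as 0.0.0.24 into a token the parser rejects; checking `errno` alone only catches overflow.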