[PATCH nft 0/6] Misc parser fixes

Florian Westphal <fw@xxxxxxxxx> · Mon, 19 Jun 2023 22:43:00 +0200

These patches fix various bugs in the parsing
and evaluation steps.

I added a new 'bogons' test dir to shell, this can be used
to collect invalid inputs that should be rejected instead
of nft exiting with an assertion failure.

Florian Westphal (6):
  json: dccp: remove erroneous const qualifier
  evaluate: do not abort when prefix map has non-map element
  parser: don't assert on scope underflows
  parser: reject zero-length interface names
  parser: reject zero-length interface names in flowtables
  ct timeout: fix 'list object x' vs. 'list objects in table' confusion

 include/rule.h                                |  1 +
 src/cache.c                                   |  1 +
 src/evaluate.c                                | 18 ++++--
 src/parser_bison.y                            | 61 ++++++++++++++-----
 src/parser_json.c                             |  2 +-
 src/rule.c                                    |  1 +
 tests/shell/testcases/bogons/assert_failures  | 12 ++++
 .../nat_prefix_map_with_set_element_assert    |  7 +++
 .../bogons/nft-f/scope_underflow_assert       |  6 ++
 .../nft-f/zero_length_devicename_assert       |  5 ++
 .../zero_length_devicename_flowtable_assert   |  5 ++
 11 files changed, 98 insertions(+), 21 deletions(-)
 create mode 100755 tests/shell/testcases/bogons/assert_failures
 create mode 100644 tests/shell/testcases/bogons/nft-f/nat_prefix_map_with_set_element_assert
 create mode 100644 tests/shell/testcases/bogons/nft-f/scope_underflow_assert
 create mode 100644 tests/shell/testcases/bogons/nft-f/zero_length_devicename_assert
 create mode 100644 tests/shell/testcases/bogons/nft-f/zero_length_devicename_flowtable_assert

-- 
2.39.3