Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Tue, Dec 05, 2023 at 01:20:26PM +0100, Florian Westphal wrote:
> > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > > if (!desc) {
> > > > - if (field != TCPOPT_COMMON_KIND || kind > 255)
> > > > + if (kind > 255)
> > > > return NULL;
> > >
> > > Another suggestion: Remove this NULL, it leaves lhs as NULL in the
> > > relational. kind > 255 cannot ever happen, parser rejects numbers over
> > > 255.
> >
> > We can also feed this via input from udata (typeof).
> > So I'd rather not assert() or rely on bison checks.
>
> OK, but then NULL does not help either, that will crash on evaluation too.
>
> You could narrow down kind and field in tcpopt_expr_alloc() to uint8_t.

Unfortunately, no. 'kind' is overloaded, SACK blocks 1/2/3/4 use values gt 255, see TCPOPT_KIND_SACK3 at end of enum tcpopt_kind.
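Review bot: the `return NULL` kept in this hunk still hands a NULL expression back to the caller whenever no descriptor matches and `kind > 255`, and as the thread points out that NULL becomes the lhs of the relational and crashes at evaluation, so either the caller must check the result and report an error, or the guard should report the bad kind itself rather than returning NULL; nothing in the visible discussion explains why the `field != TCPOPT_COMMON_KIND` half of the condition is dropped, which is worth a sentence in the changelog, and since the thread states that SACK kinds legitimately exceed 255, the commit should document that the `kind > 255` test is only reached when no descriptor was found.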