On Tue, Dec 05, 2023 at 02:14:48PM +0100, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > On Tue, Dec 05, 2023 at 01:20:26PM +0100, Florian Westphal wrote: > > > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > > > > if (!desc) { > > > > > - if (field != TCPOPT_COMMON_KIND || kind > 255) > > > > > + if (kind > 255) > > > > > return NULL; > > > > > > > > Another suggestion: Remove this NULL, it leaves lhs as NULL in the > > > > relational. kind > 255 cannot ever happen, parser rejects numbers over > > > > 255. > > > > > > We can also feed this via input from udata (typeof). > > > So I'd rather not assert() or rely on bison checks. > > > > OK, but then NULL does not help either, that will crash on evaluation too. > > > > You could narrow down kind and field in tcpopt_expr_alloc() to uint8_t. > > Unfortunately, no. 'kind' is overloaded, SACK blocks 1/2/3/4 use values > gt 255, see TCPOPT_KIND_SACK3 at end of enum tcpopt_kind. OK, patch is fine then.