On Tue, Dec 05, 2023 at 02:14:48PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > On Tue, Dec 05, 2023 at 01:20:26PM +0100, Florian Westphal wrote:
> > > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > > > if (!desc) {
> > > > > - if (field != TCPOPT_COMMON_KIND || kind > 255)
> > > > > + if (kind > 255)
> > > > > return NULL;
> > > >
> > > > Another suggestion: Remove this NULL, it leaves lhs as NULL in the
> > > > relational. kind > 255 cannot ever happen, parser rejects numbers over
> > > > 255.
> > >
> > > We can also feed this via input from udata (typeof).
> > > So I'd rather not assert() or rely on bison checks.
> >
> > OK, but then NULL does not help either, that will crash on evaluation too.
> >
> > You could narrow down kind and field in tcpopt_expr_alloc() to uint8_t.
>
> Unfortunately, no. 'kind' is overloaded, SACK blocks 1/2/3/4 use values
> gt 255, see TCPOPT_KIND_SACK3 at end of enum tcpopt_kind.
OK, patch is fine then.
