Before:
nft: gmputil.c:77: mpz_get_uint8: Assertion `cnt <= 1' failed.
After: Error: reject code must be integer in range 0-255
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/evaluate.c | 7 +++++++
.../testcases/bogons/nft-f/icmp_reject_type_uint8_assert | 1 +
2 files changed, 8 insertions(+)
create mode 100644 tests/shell/testcases/bogons/nft-f/icmp_reject_type_uint8_assert
diff --git a/src/evaluate.c b/src/evaluate.c
index c78cfd7a1d6e..89b84cd03864 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3598,6 +3598,13 @@ static int stmt_evaluate_reject_icmp(struct eval_ctx *ctx, struct stmt *stmt)
erec_queue(erec, ctx->msgs);
return -1;
}
+
+ if (mpz_cmp_ui(code->value, 255) > 0) {
+ expr_free(code);
+ return expr_error(ctx->msgs, stmt->reject.expr,
+ "reject code must be integer in range 0-255");
+ }
+
stmt->reject.icmp_code = mpz_get_uint8(code->value);
expr_free(code);
diff --git a/tests/shell/testcases/bogons/nft-f/icmp_reject_type_uint8_assert b/tests/shell/testcases/bogons/nft-f/icmp_reject_type_uint8_assert
new file mode 100644
index 000000000000..1fc85b2938cc
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/icmp_reject_type_uint8_assert
@@ -0,0 +1 @@
+rule t c reject with icmp 512
--
2.41.0
