[PATCH nft] intervals: BUG on prefix expressions without value

It's possible to end up with prefix expressions that have
a symbolic expression, e.g.:

table t {
        set s {
                type inet_service
                flags interval
                elements = { 0-1024, 8080-8082, 10000-40000 }
                elements = { 172.16.0.0/16 }
        }

        set s {
                type inet_service
                flags interval
                elements = { 0-1024, 8080-8082, 10000-40000 }
        }
}

Without this change, nft will crash.  We end up in setelem_expr_to_range()
with prefix "/16" for the symbolic expression "172.16.0.0".

We then pass an invalid mpz_t pointer into libgmp.

This isn't the right fix (see next patch), but instead of blindly assuming
that the attached expression has a gmp value, die with at least some info.

It's possible there are more ways than one to feed such
"symbol-with-prefix" down into the interval code, so also add this
assertion.

Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/intervals.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/intervals.c b/src/intervals.c
index e535fc34afda..5a88a8eb20bd 100644
--- a/src/intervals.c
+++ b/src/intervals.c
@@ -28,6 +28,9 @@ static void setelem_expr_to_range(struct expr *expr)
 	case EXPR_RANGE:
 		break;
 	case EXPR_PREFIX:
+		if (expr->key->prefix->etype != EXPR_VALUE)
+			BUG("Prefix for unexpected type %d", expr->key->prefix->etype);
+
 		mpz_init(rop);
 		mpz_bitmask(rop, expr->key->len - expr->key->prefix_len);
 		if (expr_basetype(expr)->type == TYPE_STRING)
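
Review bot: the BUG() message in the new EXPR_PREFIX check prints expr->key->prefix->etype as a bare %d, so whoever hits it has to map the number back to the enum by hand and gets no hint which set element triggered it. Consider printing the expression type by name and, if it is available at this point, the location of the offending element. Because the commit message describes this as a stopgap, a short comment above the check stating that symbol-with-prefix input is expected to be rejected before it reaches setelem_expr_to_range() would keep the BUG() from being read as the intended handling of such rulesets.
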
-- 
2.41.0




