On Mon, 15 Jul 2024 13:54:03 +0200
Florian Westphal <fw@xxxxxxxxx> wrote:

> The initial buffer has to be inited to all-ones, but it must restrict
> it to the size of the first field, not the total field size.
>
> After each round in the map search step, the result and the fill map
> are swapped, so if we have a set where f->bsize of the first element
> is smaller than m->bsize_max, those one-bits are leaked into future
> rounds result map.
>
> This makes pipapo find incorrect matching results for sets where
> first field size is not the largest.
>
> Followup patch adds a test case to nft_concat_range.sh selftest script.
>
> Thanks to Stefano Brivio for pointing out that we need to zero out
> the remainder explicitly, only correcting memset() argument isn't enough.

Thanks for fixing this!

> Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges")
> Reported-by: Yi Chen <yiche@xxxxxxxxxx>
> Cc: Stefano Brivio <sbrivio@xxxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>

Reviewed-by: Stefano Brivio <sbrivio@xxxxxxxxxx>

-- 
Stefano
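
The leak described in the quoted commit message, as an added toy model that is not part of this thread and is not the kernel's code: a three-field lookup with two swapped scratch bitmaps, run with the all-ones init over the maximum size, with only the memset() length corrected, and with the remainder also zeroed. The names `toy_lookup` and `init_mode`, the bucket contents, and the one-to-one rule mapping between fields are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NFIELDS 3
#define BSIZE_MAX 2	/* words in the largest per-field bitmap */
enum init_mode { INIT_ALL_ONES, INIT_MEMSET_ONLY, INIT_FIXED };

/* Constructed toy set: field 0 needs 1 word, fields 1 and 2 need 2. */
static const int bsize[NFIELDS] = { 1, 2, 2 };
/* Constructed per-field lookup results for one key (bit n = rule n). */
static const uint64_t bucket[NFIELDS][BSIZE_MAX] = {
	{ 0x1, 0x0 },	/* field 0: rule 0 */
	{ 0x1, 0x0 },	/* field 1: rule 0 */
	{ 0x0, 0x4 },	/* field 2: rule 66 only, so the key must NOT match */
};

/* scratch[0] starts as result map, scratch[1] as fill map (must be zero). */
static int toy_lookup(enum init_mode mode, uint64_t scratch[2][BSIZE_MAX])
{
	uint64_t *res = scratch[0], *fill = scratch[1], *tmp;
	size_t first = bsize[0] * sizeof(*res), all = BSIZE_MAX * sizeof(*res);

	if (mode == INIT_ALL_ONES)		/* the bug: ones up to bsize_max */
		memset(res, 0xff, all);
	else					/* ones for the first field only */
		memset(res, 0xff, first);
	if (mode == INIT_FIXED)			/* and zero the remainder */
		memset(res + bsize[0], 0, all - first);

	for (int f = 0; f < NFIELDS; f++) {
		for (int w = 0; w < bsize[f]; w++)
			res[w] &= bucket[f][w];
		if (f == NFIELDS - 1)
			break;
		for (int w = 0; w < bsize[f]; w++) {	/* refill next round */
			fill[w] |= res[w];	/* assumption: rule n maps to rule n */
			res[w] = 0;
		}
		tmp = res; res = fill; fill = tmp;	/* swap result and fill */
	}
	return (res[0] | res[1]) != 0;	/* any surviving bit = reported match */
}

int main(void)
{
	uint64_t scratch[2][BSIZE_MAX] = { { 0 } };
	return toy_lookup(INIT_FIXED, scratch);	/* exit 0: no false match */
}
```

In this model the stale word survives the first round untouched, rides the swap into the fill map, and reaches the third field's result map, where it turns rule 66 into a false match. Correcting only the memset() length gives the right answer on a clean scratch buffer but not on one that still holds bits from an earlier lookup.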