51 lines
1.6 KiB
Diff
51 lines
1.6 KiB
Diff
From 032c9f745c6daab8c27176a95963b1c32b0a5d12 Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Thu, 24 Sep 2020 17:38:45 +0200
|
|
Subject: evaluate: Reject quoted strings containing only wildcard
|
|
|
|
Fix for an assertion fail when trying to match against an all-wildcard
|
|
interface name:
|
|
|
|
| % nft add rule t c iifname '"*"'
|
|
| nft: expression.c:402: constant_expr_alloc: Assertion `(((len) + (8) - 1) / (8)) > 0' failed.
|
|
| zsh: abort nft add rule t c iifname '"*"'
|
|
|
|
Fix this by detecting the string in expr_evaluate_string() and returning
|
|
an error message:
|
|
|
|
| % nft add rule t c iifname '"*"'
|
|
| Error: All-wildcard strings are not supported
|
|
| add rule t c iifname "*"
|
|
| ^^^
|
|
|
|
While being at it, drop the 'datalen >= 1' clause from the following
|
|
conditional as together with the added check for 'datalen == 0', all
|
|
possible other values have been caught already.
|
|
Conflict: NA
|
|
Reference: http://git.netfilter.org/nftables/commit/?id=032c9f745c6daab8c27176a95963b1c32b0a5d12
|
|
|
|
---
|
|
src/evaluate.c | 7 +++++--
|
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
|
index c8045e5d..5f17d750 100644
|
|
--- a/src/evaluate.c
|
|
+++ b/src/evaluate.c
|
|
@@ -324,8 +324,11 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp)
|
|
return 0;
|
|
}
|
|
|
|
- if (datalen >= 1 &&
|
|
- data[datalen - 1] == '\\') {
|
|
+ if (datalen == 0)
|
|
+ return expr_error(ctx->msgs, expr,
|
|
+ "All-wildcard strings are not supported");
|
|
+
|
|
+ if (data[datalen - 1] == '\\') {
|
|
char unescaped_str[data_len];
|
|
|
|
memset(unescaped_str, 0, sizeof(unescaped_str));
|
|
--
|
|
cgit v1.2.3
|