From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [nft PATCH 1/3] evaluate: check for NULL datatype in rhs in lookup expr
Date: Fri, 13 May 2016 11:38:56 +0200
Message-ID: <20160513093856.GA4008@salvia>
In-Reply-To: <146296620273.3706.17267671338035433056.stgit@nfdev2.cica.es>

On Wed, May 11, 2016 at 01:30:02PM +0200, Arturo Borrero Gonzalez wrote:
> If we are evaluating an EXPR_SET_REF, check if right->dtype is not NULL.
> We can hit SEGFAULT if for whatever reason the referenced object does not
> exist.
>
> Using this testfile (note the invalid set syntax):
>
> % cat test.nft
> flush ruleset
> add table t
> add chain t c
> add set t s {type ipv4_addr\;}
> add rule t c ip saddr @s
>
> Without this patch:
>
> % nft -f test.nft
> Segmentation fault
>
> With this patch:
>
> % nft -f test.nft
> t.nft:4:28-28: Error: syntax error, unexpected junk, expecting newline or semicolon
> add set t s {type ipv4_addr\;}
> ^
> t.nft:4:13-29: Error: set definition does not specify key data type
> add set t s {type ipv4_addr\;}
> ^^^^^^^^^^^^^^^^^
> t.nft:5:23-24: Error: the referenced object does not exists

I have reworded this to: "the referenced set does not exist"

> add rule t c ip saddr @s
> ~~~~~~~~ ^^

Applied, thanks Arturo.

> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
> ---
> src/evaluate.c | 35 ++++++++++++++++++++++++++---------
> 1 file changed, 26 insertions(+), 9 deletions(-)
>
> diff --git a/src/evaluate.c b/src/evaluate.c
> index 7444d09..6840790 100644
> --- a/src/evaluate.c
> +++ b/src/evaluate.c
> @@ -1210,16 +1210,33 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
>
> switch (rel->op) {
> case OP_LOOKUP:
> - /* A literal set expression implicitly declares the set */
> - if (right->ops->type == EXPR_SET)
> + switch (right->ops->type) {
> + case EXPR_SET:
> + /* A literal set expression implicitly declares
> + * the set
> + */
> right = rel->right =
> - implicit_set_declaration(ctx, left->dtype, left->len, right);
> - else if (!datatype_equal(left->dtype, right->dtype))
> - return expr_binary_error(ctx->msgs, right, left,
> - "datatype mismatch, expected %s, "
> - "set has type %s",
> - left->dtype->desc,
> - right->dtype->desc);
> + implicit_set_declaration(ctx, left->dtype,
> + left->len, right);
> + break;
> + case EXPR_SET_REF:
> + if (right->dtype == NULL)
> + return expr_binary_error(ctx->msgs, right,
> + left, "the referenced"
> + " object does not "
> + "exists");
> + if (!datatype_equal(left->dtype, right->dtype))
> + return expr_binary_error(ctx->msgs, right,
> + left, "datatype "
> + "mismatch, expected "
> + "%s, set has type %s",
> + left->dtype->desc,
> + right->dtype->desc);
> + break;
> + default:
> + BUG("unhandled right expression type %u\n",
> + right->ops->type);
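
Review bot: In the new `default:` arm, every right-hand expression type other than EXPR_SET and EXPR_SET_REF now ends in BUG(), whereas the old `else if` sent all non-EXPR_SET types through the datatype_equal() check and returned an error to the caller. Since this patch exists because malformed input reached this switch in an unexpected state, please confirm that no ruleset can put another expression type on the right of OP_LOOKUP, or return expr_binary_error() there instead. In the EXPR_SET_REF arm, only right->dtype is checked before datatype_equal(left->dtype, right->dtype) and left->dtype->desc are used, so a short comment on why left->dtype cannot be NULL at this point would help. The error string is also split over three lines ("the referenced" / " object does not " / "exists"), which makes it hard to grep for; keeping it on one line is preferable.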

I have also replaced this by the typical:

	BUG("Unknown expression %s\n", right->ops->name);