[PATCH nft] evaluate: remove superfluous check in set

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nft] evaluate: remove superfluous check in set_evaluate()
@ 2020-06-07 16:21 Pablo Neira Ayuso
  2020-06-07 16:21 ` [PATCH nft] netlink: release dummy rule object from netlink_parse_set_expr() Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2020-06-07 16:21 UTC (permalink / raw)
  To: netfilter-devel

If set_is_objmap() is true, then set->data is always NULL.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index fb58c053d4ae..42040b6efe02 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3532,11 +3532,6 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
 			return set_key_data_error(ctx, set,
 						  set->data->dtype, type);
 	} else if (set_is_objmap(set->flags)) {
-		if (set->data) {
-			assert(set->data->etype == EXPR_VALUE);
-			assert(set->data->dtype == &string_type);
-		}
-
 		assert(set->data == NULL);
 		set->data = constant_expr_alloc(&netlink_location, &string_type,
 						BYTEORDER_HOST_ENDIAN,
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [PATCH nft] netlink: release dummy rule object from netlink_parse_set_expr()
  2020-06-07 16:21 [PATCH nft] evaluate: remove superfluous check in set_evaluate() Pablo Neira Ayuso
@ 2020-06-07 16:21 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2020-06-07 16:21 UTC (permalink / raw)
  To: netfilter-devel

netlink_parse_set_expr() creates a dummy rule object to reuse the
existing netlink parser. Release the rule object to fix a memleak.
Zap the statement list to avoid a use-after-free since the statement
needs to remain in place after releasing the rule.

==21601==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2016 byte(s) in 4 object(s) allocated from:
    #0 0x7f7824b26330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
    #1 0x7f78245fcebd in xmalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:36
    #2 0x7f78245fd016 in xzalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:65
    #3 0x7f782456f0b5 in rule_alloc /home/pablo/devel/scm/git-netfilter/nftables/src/rule.c:623

Add a test to check for set counters.

SUMMARY: AddressSanitizer: 2016 byte(s) leaked in 4 allocation(s).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_delinearize.c                      |  8 +++++++-
 tests/shell/testcases/sets/0048set_counters_0  | 18 ++++++++++++++++++
 .../sets/dumps/0048set_counters_0.nft          | 13 +++++++++++++
 3 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100755 tests/shell/testcases/sets/0048set_counters_0
 create mode 100644 tests/shell/testcases/sets/dumps/0048set_counters_0.nft

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 7f7ad2626e14..8de4830c4f80 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1682,13 +1682,19 @@ struct stmt *netlink_parse_set_expr(const struct set *set,
 				    const struct nftnl_expr *nle)
 {
 	struct netlink_parse_ctx ctx, *pctx = &ctx;
+	struct handle h = {};
 
-	pctx->rule = rule_alloc(&netlink_location, &set->handle);
+	handle_merge(&h, &set->handle);
+	pctx->rule = rule_alloc(&netlink_location, &h);
 	pctx->table = table_lookup(&set->handle, cache);
 	assert(pctx->table != NULL);
 
 	if (netlink_parse_expr(nle, pctx) < 0)
 		return NULL;
+
+	init_list_head(&pctx->rule->stmts);
+	rule_free(pctx->rule);
+
 	return pctx->stmt;
 }
 
diff --git a/tests/shell/testcases/sets/0048set_counters_0 b/tests/shell/testcases/sets/0048set_counters_0
new file mode 100755
index 000000000000..e62d25df799c
--- /dev/null
+++ b/tests/shell/testcases/sets/0048set_counters_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="table ip x {
+          set y {
+                  typeof ip saddr
+                  counter
+                  elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 }
+          }
+
+          chain z {
+                  type filter hook output priority filter; policy accept;
+                  ip daddr @y
+          }
+}"
+
+$NFT -f - <<< "$EXPECTED"
diff --git a/tests/shell/testcases/sets/dumps/0048set_counters_0.nft b/tests/shell/testcases/sets/dumps/0048set_counters_0.nft
new file mode 100644
index 000000000000..2145f6b11b88
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0048set_counters_0.nft
@@ -0,0 +1,13 @@
+table ip x {
+	set y {
+		typeof ip saddr
+		counter
+		elements = { 192.168.10.35 counter packets 0 bytes 0, 192.168.10.101 counter packets 0 bytes 0,
+			     192.168.10.135 counter packets 0 bytes 0 }
+	}
+
+	chain z {
+		type filter hook output priority filter; policy accept;
+		ip daddr @y
+	}
+}
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-06-07 16:21 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-06-07 16:21 [PATCH nft] evaluate: remove superfluous check in set_evaluate() Pablo Neira Ayuso
2020-06-07 16:21 ` [PATCH nft] netlink: release dummy rule object from netlink_parse_set_expr() Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).