[PATCH nft] intervals: restrict check missing elements fix to sets with no auto-merge

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nft] intervals: restrict check missing elements fix to sets with no auto-merge
@ 2023-01-12 21:37 Pablo Neira Ayuso
  0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2023-01-12 21:37 UTC (permalink / raw)
  To: netfilter-devel

If auto-merge is enabled, skip check for element mismatch introduced by
6d1ee9267e7e ("intervals: check for EXPR_F_REMOVE in case of element
mismatch"), which is only relevant to sets with no auto-merge.

The interval adjustment routine for auto-merge already checks for
unexisting intervals in that case.

Uncovered via ASAN:

0x60d00000014c is located 60 bytes inside of 144-byte region [0x60d000000110,0x60d0000001a0)
freed by thread T0 here:
    #0 0x7fbdb7eae507 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x7fbdb741a01e in xfree /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:29
    #2 0x7fbdb7304473 in expr_free /home/pablo/devel/scm/git-netfilter/nftables/src/expression.c:98
    #3 0x7fbdb7391fdd in adjust_elem_left /home/pablo/devel/scm/git-netfilter/nftables/src/intervals.c:304
    #4 0x7fbdb73939e1 in setelem_adjust /home/pablo/devel/scm/git-netfilter/nftables/src/intervals.c:359

Fixes: 6d1ee9267e7e ("intervals: check for EXPR_F_REMOVE in case of element mismatch")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/intervals.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/intervals.c b/src/intervals.c
index 13009ca1b888..95e25cf09662 100644
--- a/src/intervals.c
+++ b/src/intervals.c
@@ -416,11 +416,12 @@ static int setelem_delete(struct list_head *msgs, struct set *set,
 				list_del(&i->list);
 				expr_free(i);
 			}
-		} else if (set->automerge &&
-			   setelem_adjust(set, purge, &prev_range, &range, prev, i) < 0) {
-			expr_error(msgs, i, "element does not exist");
-			err = -1;
-			goto err;
+		} else if (set->automerge) {
+			if (setelem_adjust(set, purge, &prev_range, &range, prev, i) < 0) {
+				expr_error(msgs, i, "element does not exist");
+				err = -1;
+				goto err;
+			}
 		} else if (i->flags & EXPR_F_REMOVE) {
 			expr_error(msgs, i, "element does not exist");
 			err = -1;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2023-01-12 21:46 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-01-12 21:37 [PATCH nft] intervals: restrict check missing elements fix to sets with no auto-merge Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).