From: Jeremy Sowden <jeremy@azazel.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nft] scanner: treat invalid octal strings as strings
Date: Thu, 22 Dec 2022 11:02:20 +0000 [thread overview]
Message-ID: <Y6Q5PIB5ZIXFpJ40@celephais.dreamlands> (raw)
In-Reply-To: <Y6Q3AUkBrNbB2JBO@salvia>
[-- Attachment #1: Type: text/plain, Size: 1476 bytes --]
On 2022-12-22, at 11:52:49 +0100, Pablo Neira Ayuso wrote:
> On Thu, Dec 22, 2022 at 11:38:39AM +0100, Pablo Neira Ayuso wrote:
> > On Fri, Dec 16, 2022 at 08:27:14PM +0000, Jeremy Sowden wrote:
> [...]
> > > We get:
> > >
> > > $ sudo ./src/nft -f - <<<'
> > > > table x {
> > > > chain y {
> > > > ip saddr 0308 continue comment "error"
> > > > }
> > > > }
> > > > '
> > > /dev/stdin:4:14-17: Error: Could not resolve hostname: Name or service not known
> > > ip saddr 0308 continue comment "error"
> > > ^^^^
> > >
> > > Add a test-case.
> >
> > Applied, thanks.
> >
> > I am sorry I missed this patch before the release.
>
> Hm. I thought this patch just fixes the parsing of octals.
>
> iptables and iproute seem to support for octals?
So does nft. However, 0308 is not valid octal, and nft was silently
truncating it to 030.
For hex and decimal, we know that the entire number string is valid in
the base and only have to worry whether it is too long and may result in
a out-of-range error. For octal, there is also the possibility that the
string may contain 8 or 9. This patch adds a check for this and if the
check fails the failure is handled as an error in the same way it would
be if strtoull had reported `ERANGE`.
I did consider adding an `{octalstring}` match to handle octal
separately from decimal, but in the end the solution in this patch
seemed simpler.
J.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2022-12-22 11:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-16 20:27 [PATCH nft] scanner: treat invalid octal strings as strings Jeremy Sowden
2022-12-22 10:38 ` Pablo Neira Ayuso
2022-12-22 10:52 ` Pablo Neira Ayuso
2022-12-22 11:02 ` Jeremy Sowden [this message]
2022-12-22 11:23 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y6Q5PIB5ZIXFpJ40@celephais.dreamlands \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).