segtree: bogus range via get set element on existing elements

table ip x { set y { type inet_service flags interval elements = { 10, 20-30, 40, 50-60 } } } # nft get element x y { 20-40 } table ip x { set y { type inet_service flags interval elements = { 20-40 } } } 20 and 40 exist in the tree, but they are part of different ranges. This patch adds a new get_set_decompose() function to validate that the left and the right side of the range. Reported-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-10-01 14:51:24 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-10-03 12:19:35 +0200
commit: 95629758a5ec36313d839f8545fef0dc220408d8 (patch)
tree: 87d41f7f29438af6b5ca75731282c22d0dc57a2b /src/netlink.c
parent: 2e0ea44c99e466ea0bcb6aca5de95e2c7284f09c (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/netlink.c b/src/netlink.c
index f795d984..7c3082bb 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1361,8 +1361,9 @@ int netlink_get_setelem(struct netlink_ctx *ctx, const struct handle *h,
 	nftnl_set_free(nls_out);
 	ctx->set = NULL;
 
-	if (set->flags & NFT_SET_INTERVAL)
-		get_set_decompose(table, set);
+	if (set->flags & NFT_SET_INTERVAL &&
+	    get_set_decompose(table, set) < 0)
+		return -1;
 
 	return 0;
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-10-01 14:51:24 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-10-03 12:19:35 +0200
commit	95629758a5ec36313d839f8545fef0dc220408d8 (patch)
tree	87d41f7f29438af6b5ca75731282c22d0dc57a2b /src/netlink.c
parent	2e0ea44c99e466ea0bcb6aca5de95e2c7284f09c (diff)