diff options
author | Florian Westphal <fw@strlen.de> | 2016-01-04 20:53:52 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2016-01-04 20:53:52 +0100 |
commit | 4a7973e1f7fb812f187ab50197a8fee748fa4047 (patch) | |
tree | a3c6735e1ec3063ada13ea9793f8cde31d990c10 /src/netlink_delinearize.c | |
parent | 7ad9e1f8ad4ba637be841d0573bdfdcf397f0815 (diff) |
netlink: don't handle lhs zero-length expression as concat type
expr->len 0 can appear for some data types whose size can be different
based on some external state, e.g. the conntrack src/dst addresses.
The nft type is 'invalid/0-length' in the template definition, the
size is set (on linearization) based on the network base family,
i.e. the type is changed to ip or ipv6 address at a later stage.
For delinarization, skip zero-length expression as concat type
and give expr_postprocess a chance to fix the types.
Without this change the previous patch will result in nft consuming all
available memory when trying to display e.g. a 'ct saddr' rule.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/netlink_delinearize.c')
-rw-r--r-- | src/netlink_delinearize.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 769321aa..c4ffab50 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -236,7 +236,7 @@ static void netlink_parse_cmp(struct netlink_parse_ctx *ctx, left->dtype != &string_type) { return netlink_error(ctx, loc, "Relational expression size mismatch"); - } else if (left->len < right->len) { + } else if (left->len > 0 && left->len < right->len) { left = netlink_parse_concat_expr(ctx, loc, sreg, right->len); if (left == NULL) return; |