summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2018-02-02 13:26:55 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-02-02 13:29:43 +0100
commit3e47bc4417be8d43e21a75fecf2b0d9e19a7a4ba (patch)
tree1f6cb6d9c020844f6bedad59b5f73418f81d29d1 /src
parentc38485441f4c153f28d2176e9ce17691244a3849 (diff)
netlink_delinearize: add assertion to prevent infinite loop
The following configuration: table inet filter { chain input { ct original ip daddr {1.2.3.4} accept } } is triggering an infinite loop. This problem also exists with concatenations and ct ip {s,d}addr. Until we have a solution for this, let's just prevent infinite loops. Now we hit this: # nft list ruleset nft: netlink_delinearize.c:124: netlink_parse_concat_expr: Assertion `consumed > 0' failed. Abort Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/netlink_delinearize.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 2637f4ba..256552b5 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -108,6 +108,7 @@ static struct expr *netlink_parse_concat_expr(struct netlink_parse_ctx *ctx,
unsigned int len)
{
struct expr *concat, *expr;
+ unsigned int consumed;
concat = concat_expr_alloc(loc);
while (len > 0) {
@@ -119,7 +120,9 @@ static struct expr *netlink_parse_concat_expr(struct netlink_parse_ctx *ctx,
}
compound_expr_add(concat, expr);
- len -= netlink_padded_len(expr->len);
+ consumed = netlink_padded_len(expr->len);
+ assert(consumed > 0);
+ len -= consumed;
reg += netlink_register_space(expr->len);
}
return concat;