author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-02 13:26:55 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-02 13:29:43 +0100 |
commit | 3e47bc4417be8d43e21a75fecf2b0d9e19a7a4ba (patch) | |
tree | 1f6cb6d9c020844f6bedad59b5f73418f81d29d1 /src | |
parent | c38485441f4c153f28d2176e9ce17691244a3849 (diff) |
netlink_delinearize: add assertion to prevent infinite loop

The following configuration:

    table inet filter {
        chain input {
            ct original ip daddr {1.2.3.4} accept
        }
    }

is triggering an infinite loop.

This problem also exists with concatenations and ct ip {s,d}addr. Until
we have a solution for this, let's just prevent infinite loops.

Now we hit this:

    # nft list ruleset
    nft: netlink_delinearize.c:124: netlink_parse_concat_expr: Assertion `consumed > 0' failed.
    Abort

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'src')
-rw-r--r-- | src/netlink_delinearize.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 2637f4ba..256552b5 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -108,6 +108,7 @@ static struct expr *netlink_parse_concat_expr(struct netlink_parse_ctx *ctx, unsigned int len) { struct expr *concat, *expr; + unsigned int consumed; concat = concat_expr_alloc(loc); while (len > 0) { @@ -119,7 +120,9 @@ static struct expr *netlink_parse_concat_expr(struct netlink_parse_ctx *ctx, } compound_expr_add(concat, expr); - len -= netlink_padded_len(expr->len); + consumed = netlink_padded_len(expr->len); + assert(consumed > 0); + len -= consumed; reg += netlink_register_space(expr->len); } return concat; |
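
Review bot: in the second hunk, the new assert(consumed > 0) inside the while (len > 0) loop of netlink_parse_concat_expr() only guards builds where assertions are compiled in; with NDEBUG defined the check disappears and the loop can spin again on a zero-length expression. Where it is active, it turns a ruleset the parser cannot handle into an abort of the whole listing, as the commit message's "nft list ruleset" output shows, so any such rule loaded in the kernel stops the tool from listing anything. Consider an explicit runtime check that fails the parse with an error for this expression instead of aborting. The same check should also cover consumed > len: len is an unsigned int, so "len -= consumed" wraps to a large value when the padded length exceeds the remaining length, and the loop then keeps running past the data it was given.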