summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2022-10-12 12:50:26 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2022-10-12 13:02:40 +0200
commit4dbfa17097512b6b88805299223f93e90a072ea6 (patch)
treed8b6c063f9ccf95258c3f637615edb86dcb5b64f /src
parente69bf6691534b9afe50c87e5e99cf0fe05304b22 (diff)
netlink_delinearize: do not transfer binary operation to non-anonymous sets
Michael Braun says: This results for nft list ruleset in nft: netlink_delinearize.c:1945: binop_adjust_one: Assertion `value->len >= binop->right->len' failed. This is due to binop_adjust_one setting value->len to left->len, which is shorther than right->len. Additionally, it does not seem correct to alter set elements from parsing a rule, so remove that part all together. Reported-by: Michael Braun <michael-dev@fami-braun.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/netlink_delinearize.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index e8b9724c..828ad12d 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2228,6 +2228,9 @@ static void binop_adjust(const struct expr *binop, struct expr *right,
binop_adjust_one(binop, right, shift);
break;
case EXPR_SET_REF:
+ if (!set_is_anonymous(right->set->flags))
+ break;
+
list_for_each_entry(i, &right->set->init->expressions, list) {
switch (i->key->etype) {
case EXPR_VALUE: