From 0fe79458cb5ae36d838f0e5a5dc5cc6f332cac03 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 22 Dec 2022 11:23:00 +0100
Subject: evaluate: fix shift exponent underflow in concatenation evaluation

There is an underflow of the index that iterates over the concatenation:

../include/datatype.h:292:15: runtime error: shift exponent 4294967290 is too large for 32-bit type 'unsigned int'

set the datatype to invalid which is fine to evaluate a concatenation
in a set/map statement.

Update b8e1940aa190 ("tests: add a test case for map update from packet
path with concat") so it does not need a workaround to work.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/evaluate.c b/src/evaluate.c
index c04cb91d..70adb847 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1357,7 +1357,7 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr)
 			dsize = key->len;
 			bo = key->byteorder;
 			off--;
-		} else if (dtype == NULL) {
+		} else if (dtype == NULL || off == 0) {
 			tmp = datatype_lookup(TYPE_INVALID);
 		} else {
 			tmp = concat_subtype_lookup(type, --off);
-- 
cgit v1.2.3