From 3e7dad95af69bde12f22af5b1a2bc860ab3da417 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 11 Apr 2020 14:19:36 +0200
Subject: segtree: broken error reporting with mappings

Segfault on error reporting when intervals overlap.

ip saddr vmap {
    10.0.1.0-10.0.1.255 : accept,
    10.0.1.1-10.0.2.255 : drop
}

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1415
Fixes: 4d6ad0f310d6 ("segtree: check for overlapping elements at insertion")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/segtree.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/segtree.c b/src/segtree.c
index 8d79332d..a9d6ecc8 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -190,7 +190,8 @@ static bool segtree_debug(unsigned int debug_mask)
 static int ei_insert(struct list_head *msgs, struct seg_tree *tree,
 		     struct elementary_interval *new, bool merge)
 {
-	struct elementary_interval *lei, *rei;
+	struct elementary_interval *lei, *rei, *ei;
+	struct expr *new_expr, *expr;
 	mpz_t p;
 
 	mpz_init2(p, tree->keylen);
@@ -205,8 +206,10 @@ static int ei_insert(struct list_head *msgs, struct seg_tree *tree,
 		pr_gmp_debug("insert: [%Zx %Zx]\n", new->left, new->right);
 
 	if (lei != NULL && rei != NULL && lei == rei) {
-		if (!merge)
+		if (!merge) {
+			ei = lei;
 			goto err;
+		}
 		/*
 		 * The new interval is entirely contained in the same interval,
 		 * split it into two parts:
@@ -228,8 +231,10 @@ static int ei_insert(struct list_head *msgs, struct seg_tree *tree,
 		ei_destroy(lei);
 	} else {
 		if (lei != NULL) {
-			if (!merge)
+			if (!merge) {
+				ei = lei;
 				goto err;
+			}
 			/*
 			 * Left endpoint is within lei, adjust it so we have:
 			 *
@@ -248,8 +253,10 @@ static int ei_insert(struct list_head *msgs, struct seg_tree *tree,
 			}
 		}
 		if (rei != NULL) {
-			if (!merge)
+			if (!merge) {
+				ei = rei;
 				goto err;
+			}
 			/*
 			 * Right endpoint is within rei, adjust it so we have:
 			 *
@@ -276,7 +283,15 @@ static int ei_insert(struct list_head *msgs, struct seg_tree *tree,
 	return 0;
 err:
 	errno = EEXIST;
-	return expr_binary_error(msgs, lei->expr, new->expr,
+	if (new->expr->etype == EXPR_MAPPING) {
+		new_expr = new->expr->left;
+		expr = ei->expr->left;
+	} else {
+		new_expr = new->expr;
+		expr = ei->expr;
+	}
+
+	return expr_binary_error(msgs, new_expr, expr,
 				 "conflicting intervals specified");
 }
 
-- 
cgit v1.2.3