diff options
| author | Florian Westphal <fw@strlen.de> | 2023-06-19 22:43:05 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2023-06-20 21:47:51 +0200 |
| commit | d40c7623837424d4eb8048508b924887b092e050 (patch) | |
| tree | 3b06bbaaac10f46cbccb71d02a6fcaee2ab1b5d8 | |
| parent | fa52bc22580632b4b78c263e338ddfbe235a8218 (diff) | |
parser: reject zero-length interface names in flowtables
Previous patch wasn't enough, also disable this for flowtable device lists.
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | src/parser_bison.y | 20 | ||||
| -rw-r--r-- | tests/shell/testcases/bogons/nft-f/zero_length_devicename_flowtable_assert | 5 |
2 files changed, 17 insertions, 8 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 9a4204c0..e7ee56c1 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2380,17 +2380,21 @@ flowtable_list_expr : flowtable_expr_member flowtable_expr_member : QUOTED_STRING { - $$ = constant_expr_alloc(&@$, &string_type, - BYTEORDER_HOST_ENDIAN, - strlen($1) * BITS_PER_BYTE, $1); - xfree($1); + struct expr *expr = ifname_expr_alloc(&@$, state->msgs, $1); + + if (!expr) + YYERROR; + + $$ = expr; } | STRING { - $$ = constant_expr_alloc(&@$, &string_type, - BYTEORDER_HOST_ENDIAN, - strlen($1) * BITS_PER_BYTE, $1); - xfree($1); + struct expr *expr = ifname_expr_alloc(&@$, state->msgs, $1); + + if (!expr) + YYERROR; + + $$ = expr; } | variable_expr { diff --git a/tests/shell/testcases/bogons/nft-f/zero_length_devicename_flowtable_assert b/tests/shell/testcases/bogons/nft-f/zero_length_devicename_flowtable_assert new file mode 100644 index 00000000..2c3e6c3f --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/zero_length_devicename_flowtable_assert @@ -0,0 +1,5 @@ +table t { + flowtable f { + devices = { """"lo } + } +} |