author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-01 14:51:24 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-03 12:19:35 +0200 |
commit | 95629758a5ec36313d839f8545fef0dc220408d8 (patch) | |
tree | 87d41f7f29438af6b5ca75731282c22d0dc57a2b /include/expression.h | |
parent | 2e0ea44c99e466ea0bcb6aca5de95e2c7284f09c (diff) |
segtree: bogus range via get set element on existing elements
table ip x {
	set y {
		type inet_service
		flags interval
		elements = { 10, 20-30, 40, 50-60 }
	}
}

# nft get element x y { 20-40 }
table ip x {
	set y {
		type inet_service
		flags interval
		elements = { 20-40 }
	}
}

20 and 40 exist in the tree, but they are part of different ranges.
This patch adds a new get_set_decompose() function to validate that the
left and the right side of the range.
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/expression.h')
-rw-r--r-- | include/expression.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/expression.h b/include/expression.h index fb52abfe..d6977c3a 100644 --- a/include/expression.h +++ b/include/expression.h @@ -453,7 +453,7 @@ extern void interval_map_decompose(struct expr *set); extern struct expr *get_set_intervals(const struct set *set, const struct expr *init); struct table; -extern void get_set_decompose(struct table *table, struct set *set); +extern int get_set_decompose(struct table *table, struct set *set); extern struct expr *mapping_expr_alloc(const struct location *loc, struct expr *from, struct expr *to); |
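Review bot: the changed prototype of get_set_decompose() in include/expression.h now returns int, but nothing in the header says what the value means (0 on success and a negative value on a rejected range, or something else). Please add a one-line comment above the declaration stating the return convention. Since this view is limited to the header, also confirm that every caller that previously ignored the void result now checks the return and reports an error. Otherwise a request such as the `{ 20-40 }` case from the commit message could still be answered as if the range existed.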