author | Jeremy Sowden <jeremy@azazel.net> | 2020-01-06 22:35:10 +0000
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-01-08 23:33:09 +0100
commit | 6a2a56fcb81cf2e5ef46d37001810b82a56a42a5 (patch)
tree | ac18a17ebb9ec70685de63583ce21a7e3eb62a09 /src
parent | c1ce4072b72e34300bd7bb406652a60f62384fc8 (diff)
evaluate: fix expr_set_context call for shift binops.
expr_evaluate_binop calls expr_set_context for shift expressions to set
the context data-type to `integer`. This clobbers the byte-order of the
context, resulting in unexpected conversions to NBO. For example:
$ sudo nft flush ruleset
$ sudo nft add table t
$ sudo nft add chain t c '{ type filter hook output priority mangle; }'
$ sudo nft add rule t c oif lo tcp dport ssh ct mark set '0x10 | 0xe'
$ sudo nft add rule t c oif lo tcp dport ssh ct mark set '0xf << 1'
$ sudo nft list table t
table ip t {
	chain c {
		type filter hook output priority mangle; policy accept;
		oif "lo" tcp dport 22 ct mark set 0x0000001e
		oif "lo" tcp dport 22 ct mark set 0x1e000000
	}
}
Replace it with a call to __expr_set_context and set the byteorder to
that of the left operand since this is the value being shifted.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/evaluate.c | 3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 817b2322..34e4473e 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1145,7 +1145,8 @@ static int expr_evaluate_binop(struct eval_ctx *ctx, struct expr **expr) left = op->left; if (op->op == OP_LSHIFT || op->op == OP_RSHIFT) - expr_set_context(&ctx->ectx, &integer_type, ctx->ectx.len); + __expr_set_context(&ctx->ectx, &integer_type, + left->byteorder, ctx->ectx.len, 0); if (expr_evaluate(ctx, &op->right) < 0) return -1; right = op->right; |
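Review bot: passing `left->byteorder` into `__expr_set_context` is only correct if `op->left` has already been fully evaluated when the `OP_LSHIFT`/`OP_RSHIFT` branch runs; the visible `left = op->left;` just above the check suggests it has, but it is worth confirming that a left operand which is still a symbol or untyped constant does not report a placeholder byteorder here, since that is exactly the value the fix now trusts. The bare trailing `0` argument also gives a reader of this call site no hint of what it selects; a short comment naming the parameter it fills (or a named constant) would make the intent clear. Finally, because the diffstat on this page is limited to `src`, it is not visible whether a test reproducing the `ct mark set '0xf << 1'` case from the commit message accompanies the change; if it does not, adding one would guard against the byte-order regression coming back.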