authorJeremy Sowden <jeremy@azazel.net>2020-01-06 22:35:10 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>2020-01-08 23:33:09 +0100
commit6a2a56fcb81cf2e5ef46d37001810b82a56a42a5 (patch)
treeac18a17ebb9ec70685de63583ce21a7e3eb62a09 /src
parentc1ce4072b72e34300bd7bb406652a60f62384fc8 (diff)
evaluate: fix expr_set_context call for shift binops.
expr_evaluate_binop calls expr_set_context for shift expressions to set the context data-type to `integer`. This clobbers the byte-order of the context, resulting in unexpected conversions to NBO. For example: $ sudo nft flush ruleset $ sudo nft add table t $ sudo nft add chain t c '{ type filter hook output priority mangle; }' $ sudo nft add rule t c oif lo tcp dport ssh ct mark set '0x10 | 0xe' $ sudo nft add rule t c oif lo tcp dport ssh ct mark set '0xf << 1' $ sudo nft list table t table ip t { chain c { type filter hook output priority mangle; policy accept; oif "lo" tcp dport 22 ct mark set 0x0000001e oif "lo" tcp dport 22 ct mark set 0x1e000000 } } Replace it with a call to __expr_set_context and set the byteorder to that of the left operand since this is the value being shifted. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/evaluate.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 817b2322..34e4473e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1145,7 +1145,8 @@ static int expr_evaluate_binop(struct eval_ctx *ctx, struct expr **expr)
left = op->left;
if (op->op == OP_LSHIFT || op->op == OP_RSHIFT)
- expr_set_context(&ctx->ectx, &integer_type, ctx->ectx.len);
+ __expr_set_context(&ctx->ectx, &integer_type,
+ left->byteorder, ctx->ectx.len, 0);
if (expr_evaluate(ctx, &op->right) < 0)
return -1;
right = op->right;
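Review bot: The reason the shift branch takes the context byte order from `left` is recorded only in the commit message, so the new `__expr_set_context` call reads as an arbitrary choice to the next maintainer. A short comment above the `if (op->op == OP_LSHIFT || op->op == OP_RSHIFT)` line, such as `/* The left operand is the value being shifted: keep its byteorder in the context. */`, would make it less likely that someone reverts to `expr_set_context`. The trailing bare `0` is presumably the maxval argument, and the comment could say that no maximum is imposed here. expr_evaluate_binop starts and ends outside this hunk, so how the context byte order is used later in the function cannot be checked from here. A regression test for the `ct mark set '0xf << 1'` case from the description would pin the fix; the diffstat shown is limited to src, so one may already exist elsewhere.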