meta: fix tc classid parsing out-of-bounds access

AddressSanitizer: heap-buffer-overflow on address 0x6020000003af ... #0 0x7f9a83cbb402 in tchandle_type_parse src/meta.c:89 #1 0x7f9a83c6753f in symbol_parse src/datatype.c:138 strlen() - 1 can underflow if length was 0. Simplify the function, there is no need to duplicate the string while scanning it. Expect the first strtol to stop at ':', scan for the minor number next. The second scan is required to stop at '\0'. Fixes: 6f2eb8548e0d ("src: meta priority support using tc classid") Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2023-12-13 17:37:11 +0100
committer: Florian Westphal <fw@strlen.de> 2023-12-13 18:11:20 +0100
commit: 7008b1200fb4988b7cd7ee1c5399cae071688d50 (patch)
tree: 36e8e52f1a5bb8ceb1afa030dad3834757686e21 /tests
parent: c0194279d356f942e81555262e41264af7659a1f (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/shell/testcases/bogons/nft-f/tchandle_type_parse_heap_overflow b/tests/shell/testcases/bogons/nft-f/tchandle_type_parse_heap_overflow
new file mode 100644
index 00000000..ea7186bf
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/tchandle_type_parse_heap_overflow
@@ -0,0 +1,6 @@
+table t {
+map m {
+	type ipv4_addr : classid
+	elements = { 1.1.26.3 : ::a }
+}
+}
author	Florian Westphal <fw@strlen.de>	2023-12-13 17:37:11 +0100
committer	Florian Westphal <fw@strlen.de>	2023-12-13 18:11:20 +0100
commit	7008b1200fb4988b7cd7ee1c5399cae071688d50 (patch)
tree	36e8e52f1a5bb8ceb1afa030dad3834757686e21 /tests
parent	c0194279d356f942e81555262e41264af7659a1f (diff)