diff options
| -rw-r--r-- | src/evaluate.c | 17 | ||||
| -rwxr-xr-x | tests/shell/testcases/bogons/assert_failures | 12 | ||||
| -rw-r--r-- | tests/shell/testcases/bogons/nft-f/nat_prefix_map_with_set_element_assert | 7 |
3 files changed, 32 insertions, 4 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 00bb8988..efab2895 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1869,12 +1869,21 @@ static void __mapping_expr_expand(struct expr *i) } } -static void mapping_expr_expand(struct expr *init) +static int mapping_expr_expand(struct eval_ctx *ctx) { struct expr *i; - list_for_each_entry(i, &init->expressions, list) + if (!set_is_anonymous(ctx->set->flags)) + return 0; + + list_for_each_entry(i, &ctx->set->init->expressions, list) { + if (i->etype != EXPR_MAPPING) + return expr_error(ctx->msgs, i, + "expected mapping, not %s", expr_name(i)); __mapping_expr_expand(i); + } + + return 0; } static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr) @@ -1955,8 +1964,8 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr) if (ctx->set->data->flags & EXPR_F_INTERVAL) { ctx->set->data->len *= 2; - if (set_is_anonymous(ctx->set->flags)) - mapping_expr_expand(ctx->set->init); + if (mapping_expr_expand(ctx)) + return -1; } ctx->set->key->len = ctx->ectx.len; diff --git a/tests/shell/testcases/bogons/assert_failures b/tests/shell/testcases/bogons/assert_failures new file mode 100755 index 00000000..79099427 --- /dev/null +++ b/tests/shell/testcases/bogons/assert_failures @@ -0,0 +1,12 @@ +#!/bin/bash + +dir=$(dirname $0)/nft-f/ + +for f in $dir/*; do + $NFT --check -f "$f" + + if [ $? -ne 1 ]; then + echo "Bogus input file $f did not cause expected error code" 1>&2 + exit 111 + fi +done diff --git a/tests/shell/testcases/bogons/nft-f/nat_prefix_map_with_set_element_assert b/tests/shell/testcases/bogons/nft-f/nat_prefix_map_with_set_element_assert new file mode 100644 index 00000000..18c7edd1 --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/nat_prefix_map_with_set_element_assert @@ -0,0 +1,7 @@ +table ip x { + chain y { + type nat hook postrouting priority srcnat; policy accept; + snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24, 10.141.12.1 } + } +} + |