diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/evaluate.c | 8 | ||||
-rw-r--r-- | src/parser_bison.y | 7 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 1c5078d6..87cd68d3 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1591,6 +1591,10 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr) } ctx->inner_desc = NULL; + + if (size > NFT_MAX_EXPR_LEN_BITS) + return expr_error(ctx->msgs, i, "Concatenation of size %u exceeds maximum size of %u", + size, NFT_MAX_EXPR_LEN_BITS); } (*expr)->flags |= flags; @@ -4719,6 +4723,10 @@ static int set_expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr) (*expr)->field_len[(*expr)->field_count++] = dsize_bytes; size += netlink_padded_len(i->len); + + if (size > NFT_MAX_EXPR_LEN_BITS) + return expr_error(ctx->msgs, i, "Concatenation of size %u exceeds maximum size of %u", + size, NFT_MAX_EXPR_LEN_BITS); } (*expr)->flags |= flags; diff --git a/src/parser_bison.y b/src/parser_bison.y index 571eddf1..7082d2ba 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -5627,6 +5627,13 @@ payload_expr : payload_raw_expr payload_raw_expr : AT payload_base_spec COMMA NUM COMMA NUM close_scope_at { + if ($6 > NFT_MAX_EXPR_LEN_BITS) { + erec_queue(error(&@1, "raw payload length %u exceeds upper limit of %u", + $6, NFT_MAX_EXPR_LEN_BITS), + state->msgs); + YYERROR; + } + $$ = payload_expr_alloc(&@$, NULL, 0); payload_init_raw($$, $2, $4, $6); $$->byteorder = BYTEORDER_BIG_ENDIAN; |