From 6b00b9537e181eaf630ecaf0d4e56905eb29d87c Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 6 Jul 2018 20:07:54 +0200 Subject: evaluate: skip evaluation of datatype concatenations These are not really expressions, so there is not value in place. The expr_evaluate_concat() is called from set_evaluate() to calculate the total length of the tuple. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1265 Signed-off-by: Pablo Neira Ayuso --- src/evaluate.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/evaluate.c b/src/evaluate.c index c4ee3cc9..ae881ccd 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1089,7 +1089,8 @@ static int list_member_evaluate(struct eval_ctx *ctx, struct expr **expr) return err; } -static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr) +static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr, + bool eval) { const struct datatype *dtype = ctx->ectx.dtype, *tmp; uint32_t type = dtype ? dtype->type : 0, ntype = 0; @@ -1110,7 +1111,7 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr) tmp = concat_subtype_lookup(type, --off); expr_set_context(&ctx->ectx, tmp, tmp->size); - if (list_member_evaluate(ctx, &i) < 0) + if (eval && list_member_evaluate(ctx, &i) < 0) return -1; flags &= i->flags; @@ -1775,7 +1776,7 @@ static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr) case EXPR_BINOP: return expr_evaluate_binop(ctx, expr); case EXPR_CONCAT: - return expr_evaluate_concat(ctx, expr); + return expr_evaluate_concat(ctx, expr, true); case EXPR_LIST: return expr_evaluate_list(ctx, expr); case EXPR_SET: @@ -2824,7 +2825,7 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set) if (set->key->len == 0) { if (set->key->ops->type == EXPR_CONCAT && - expr_evaluate_concat(ctx, &set->key) < 0) + expr_evaluate_concat(ctx, &set->key, false) < 0) return -1; if (set->key->len == 0) -- cgit v1.2.3