From a3fdb7bb924e1988ce4f90e2773cc78335afb15b Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 25 Oct 2018 19:18:28 +0200 Subject: evaluate: do not pass EXPR_SET_ELEM to stmt_evaluate_arg() for set/map evaluation Otherwise, we cannot validate mismatching length size when combining raw expressions with sets and maps, eg. # cat /tmp/test table ip nftlb { map persistency { type ipv4_addr : mark size 65535 timeout 1h } chain pre { type filter hook prerouting priority filter; policy accept; ip protocol { tcp, udp } update @persistency { @th,0,16 : numgen inc mod 2 offset 100 } } } # nft -f /tmp/test /tmp/test:10:68-75: Error: datatype mismatch: expected IPv4 address, expression has type integer with length 16 ip protocol { tcp, udp } update @persistency { @th,0,16 : numgen inc mod 2 offset 100 } ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pass inner expression instead, instead of the wrapping set element expression. Fixes: 0e90798e9812 ("src: simplify map statement") Signed-off-by: Pablo Neira Ayuso --- src/evaluate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/evaluate.c b/src/evaluate.c index 66e9293f..dbeedc95 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2733,7 +2733,7 @@ static int stmt_evaluate_set(struct eval_ctx *ctx, struct stmt *stmt) stmt->set.set->set->key->dtype, stmt->set.set->set->key->len, stmt->set.set->set->key->byteorder, - &stmt->set.key) < 0) + &stmt->set.key->key) < 0) return -1; if (expr_is_constant(stmt->set.key)) return expr_error(ctx->msgs, stmt->set.key, @@ -2765,7 +2765,7 @@ static int stmt_evaluate_map(struct eval_ctx *ctx, struct stmt *stmt) stmt->map.set->set->key->dtype, stmt->map.set->set->key->len, stmt->map.set->set->key->byteorder, - &stmt->map.key) < 0) + &stmt->map.key->key) < 0) return -1; if (expr_is_constant(stmt->map.key)) return expr_error(ctx->msgs, stmt->map.key, -- cgit v1.2.3