From cd54a9bb2da0686ad3684741f3b8f6696639013f Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 17 Mar 2021 00:44:09 +0100
Subject: segtree: release single element already contained in an interval

Before this patch:

 table ip x {
        chain y {
                ip saddr { 1.1.1.1-1.1.1.2, 1.1.1.1 }
        }
 }

results in:

 table ip x {
        chain y {
                ip saddr { 1.1.1.1 }
        }
 }

due to incorrect interval merge logic.

If the element 1.1.1.1 is already contained in an existing interval
1.1.1.1-1.1.1.2, release it.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1512
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/segtree.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/segtree.c')

diff --git a/src/segtree.c b/src/segtree.c
index 9aa39e52..ad199355 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -210,6 +210,12 @@ static int ei_insert(struct list_head *msgs, struct seg_tree *tree,
 			ei = lei;
 			goto err;
 		}
+		/* single element contained in an existing interval */
+		if (mpz_cmp(new->left, new->right) == 0) {
+			ei_destroy(new);
+			goto out;
+		}
+
 		/*
 		 * The new interval is entirely contained in the same interval,
 		 * split it into two parts:
@@ -277,7 +283,7 @@ static int ei_insert(struct list_head *msgs, struct seg_tree *tree,
 	}
 
 	__ei_insert(tree, new);
-
+out:
 	mpz_clear(p);
 
 	return 0;
-- 
cgit v1.2.3