backport upstream patch
Signed-off-by: liweigang <liweiganga@uniontech.com> (cherry picked from commit 8a840a74a9950d164bf238373dd8ce7863178982)
This commit is contained in:
liweigang
openeuler-sync-bot
parent
69857e1ee0
commit
11fc8b8c28
50
backport-evaluate-error-out-if-basetypes-are-different.patch
Normal file
50
backport-evaluate-error-out-if-basetypes-are-different.patch
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
From 45a4d4434742b425d019623812f2cce293033cdf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Westphal <fw@strlen.de>
|
||||||
|
Date: Mon, 4 Dec 2023 18:30:51 +0100
|
||||||
|
Subject: [PATCH] evaluate: error out if basetypes are different
|
||||||
|
|
||||||
|
prefer
|
||||||
|
binop_with_different_basetype_assert:3:29-35: Error: Binary operation (<<) with different base types (string vs integer) is not supported
|
||||||
|
oifname set ip9dscp << 26 | 0x10
|
||||||
|
^^^^^^^~~~~~~
|
||||||
|
to assertion failure.
|
||||||
|
|
||||||
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||||
|
---
|
||||||
|
src/evaluate.c | 7 +++++--
|
||||||
|
.../bogons/nft-f/binop_with_different_basetype_assert | 5 +++++
|
||||||
|
2 files changed, 10 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 tests/shell/testcases/bogons/nft-f/binop_with_different_basetype_assert
|
||||||
|
|
||||||
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
||||||
|
index b6670254..51ae276a 100644
|
||||||
|
--- a/src/evaluate.c
|
||||||
|
+++ b/src/evaluate.c
|
||||||
|
@@ -1451,8 +1451,11 @@ static int expr_evaluate_binop(struct eval_ctx *ctx, struct expr **expr)
|
||||||
|
"for %s expressions",
|
||||||
|
sym, expr_name(right));
|
||||||
|
|
||||||
|
- /* The grammar guarantees this */
|
||||||
|
- assert(datatype_equal(expr_basetype(left), expr_basetype(right)));
|
||||||
|
+ if (!datatype_equal(expr_basetype(left), expr_basetype(right)))
|
||||||
|
+ return expr_binary_error(ctx->msgs, left, op,
|
||||||
|
+ "Binary operation (%s) with different base types "
|
||||||
|
+ "(%s vs %s) is not supported",
|
||||||
|
+ sym, expr_basetype(left)->name, expr_basetype(right)->name);
|
||||||
|
|
||||||
|
switch (op->op) {
|
||||||
|
case OP_LSHIFT:
|
||||||
|
diff --git a/tests/shell/testcases/bogons/nft-f/binop_with_different_basetype_assert b/tests/shell/testcases/bogons/nft-f/binop_with_different_basetype_assert
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..e8436008
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/shell/testcases/bogons/nft-f/binop_with_different_basetype_assert
|
||||||
|
@@ -0,0 +1,5 @@
|
||||||
|
+table ip t {
|
||||||
|
+ chain c {
|
||||||
|
+ oifname set ip9dscp << 26 | 0x10
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
--
|
||||||
|
2.43.4
|
||||||
|
|
||||||
37
backport-evaluate-guard-against-NULL-basetype.patch
Normal file
37
backport-evaluate-guard-against-NULL-basetype.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From 3671c48970031e617ee713b79caf8ef0a1b096c2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Westphal <fw@strlen.de>
|
||||||
|
Date: Mon, 4 Dec 2023 18:18:07 +0100
|
||||||
|
Subject: [PATCH] evaluate: guard against NULL basetype
|
||||||
|
|
||||||
|
i->dtype->basetype can be NULL.
|
||||||
|
|
||||||
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||||
|
---
|
||||||
|
src/evaluate.c | 2 +-
|
||||||
|
tests/shell/testcases/bogons/nft-f/no_integer_basetype_crash | 1 +
|
||||||
|
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 tests/shell/testcases/bogons/nft-f/no_integer_basetype_crash
|
||||||
|
|
||||||
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
||||||
|
index b6428018..b6670254 100644
|
||||||
|
--- a/src/evaluate.c
|
||||||
|
+++ b/src/evaluate.c
|
||||||
|
@@ -1610,7 +1610,7 @@ static int expr_evaluate_list(struct eval_ctx *ctx, struct expr **expr)
|
||||||
|
return expr_error(ctx->msgs, i,
|
||||||
|
"List member must be a constant "
|
||||||
|
"value");
|
||||||
|
- if (i->dtype->basetype->type != TYPE_BITMASK)
|
||||||
|
+ if (datatype_basetype(i->dtype)->type != TYPE_BITMASK)
|
||||||
|
return expr_error(ctx->msgs, i,
|
||||||
|
"Basetype of type %s is not bitmask",
|
||||||
|
i->dtype->desc);
|
||||||
|
diff --git a/tests/shell/testcases/bogons/nft-f/no_integer_basetype_crash b/tests/shell/testcases/bogons/nft-f/no_integer_basetype_crash
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..16d3e41f
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/shell/testcases/bogons/nft-f/no_integer_basetype_crash
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+cPoR et ip dscp << 2>0 ,xl rt ipsec c0tt in tabl rt ipsec cl
|
||||||
|
--
|
||||||
|
2.43.4
|
||||||
|
|
||||||
@ -0,0 +1,45 @@
|
|||||||
|
From 778e4e113673c2a4daa798634c554c40f2808276 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Westphal <fw@strlen.de>
|
||||||
|
Date: Mon, 4 Dec 2023 17:47:50 +0100
|
||||||
|
Subject: [PATCH] evaluate: handle invalid mapping expressions gracefully
|
||||||
|
|
||||||
|
Before:
|
||||||
|
BUG: invalid mapping expression binop
|
||||||
|
nft: src/evaluate.c:2027: expr_evaluate_map: Assertion `0' failed.
|
||||||
|
|
||||||
|
After:
|
||||||
|
tests/shell/testcases/bogons/nft-f/invalid_mapping_expr_binop_assert:1:22-25: Error: invalid mapping expression binop
|
||||||
|
xy mame ip saddr map h& p p
|
||||||
|
~~~~~~~~ ^^^^
|
||||||
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||||
|
---
|
||||||
|
src/evaluate.c | 4 ++--
|
||||||
|
.../testcases/bogons/nft-f/invalid_mapping_expr_binop_assert | 1 +
|
||||||
|
2 files changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 tests/shell/testcases/bogons/nft-f/invalid_mapping_expr_binop_assert
|
||||||
|
|
||||||
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
||||||
|
index 64deb31a..b6428018 100644
|
||||||
|
--- a/src/evaluate.c
|
||||||
|
+++ b/src/evaluate.c
|
||||||
|
@@ -2024,8 +2024,8 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
|
||||||
|
"Expression is not a map");
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
- BUG("invalid mapping expression %s\n",
|
||||||
|
- expr_name(map->mappings));
|
||||||
|
+ return expr_binary_error(ctx->msgs, map->mappings, map->map,
|
||||||
|
+ "invalid mapping expression %s", expr_name(map->mappings));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!datatype_equal(map->map->dtype, map->mappings->set->key->dtype))
|
||||||
|
diff --git a/tests/shell/testcases/bogons/nft-f/invalid_mapping_expr_binop_assert b/tests/shell/testcases/bogons/nft-f/invalid_mapping_expr_binop_assert
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..7205ff4f
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/shell/testcases/bogons/nft-f/invalid_mapping_expr_binop_assert
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+xy mame ip saddr map h& p p
|
||||||
|
--
|
||||||
|
2.43.4
|
||||||
|
|
||||||
54
backport-evaluate-reject-attempt-to-update-a-set.patch
Normal file
54
backport-evaluate-reject-attempt-to-update-a-set.patch
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
From 5f43ea807bb0f5b30f332c2c96f13e33c9243d22 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Westphal <fw@strlen.de>
|
||||||
|
Date: Mon, 4 Dec 2023 22:00:06 +0100
|
||||||
|
Subject: [PATCH] evaluate: reject attempt to update a set
|
||||||
|
|
||||||
|
This will crash as set->data is NULL, so check that SET_REF is pointing
|
||||||
|
to a map:
|
||||||
|
|
||||||
|
Error: candidates_ipv4 is not a map
|
||||||
|
tcp dport 10003 ip saddr . tcp dport @candidates_ipv4 add @candidates_ipv4 { ip saddr . 10 :0004 timeout 1s }
|
||||||
|
~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||||
|
---
|
||||||
|
src/evaluate.c | 4 ++++
|
||||||
|
tests/shell/testcases/bogons/nft-f/add_to_a_set_crash | 11 +++++++++++
|
||||||
|
2 files changed, 15 insertions(+)
|
||||||
|
create mode 100644 tests/shell/testcases/bogons/nft-f/add_to_a_set_crash
|
||||||
|
|
||||||
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
||||||
|
index 131b0a0e..f05cac41 100644
|
||||||
|
--- a/src/evaluate.c
|
||||||
|
+++ b/src/evaluate.c
|
||||||
|
@@ -4344,6 +4344,10 @@ static int stmt_evaluate_map(struct eval_ctx *ctx, struct stmt *stmt)
|
||||||
|
return expr_error(ctx->msgs, stmt->map.set,
|
||||||
|
"Expression does not refer to a set");
|
||||||
|
|
||||||
|
+ if (!set_is_map(stmt->map.set->set->flags))
|
||||||
|
+ return expr_error(ctx->msgs, stmt->map.set,
|
||||||
|
+ "%s is not a map", stmt->map.set->set->handle.set.name);
|
||||||
|
+
|
||||||
|
if (stmt_evaluate_key(ctx, stmt,
|
||||||
|
stmt->map.set->set->key->dtype,
|
||||||
|
stmt->map.set->set->key->len,
|
||||||
|
diff --git a/tests/shell/testcases/bogons/nft-f/add_to_a_set_crash b/tests/shell/testcases/bogons/nft-f/add_to_a_set_crash
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..80a01b45
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/shell/testcases/bogons/nft-f/add_to_a_set_crash
|
||||||
|
@@ -0,0 +1,11 @@
|
||||||
|
+table t {
|
||||||
|
+ set candidates_ipv4 {
|
||||||
|
+ type ipv4_addr . inet_service
|
||||||
|
+ size 65535
|
||||||
|
+ flags dynamic,timeout
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ chain input {
|
||||||
|
+ tcp dport 10003 ip saddr . tcp dport @candidates_ipv4 add @candidates_ipv4 { ip saddr . 10 :0004 timeout 1s }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
--
|
||||||
|
2.43.4
|
||||||
|
|
||||||
@ -0,0 +1,53 @@
|
|||||||
|
From 172b660843501463a0894b0d2ca1dd48c898dc4d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
Date: Thu, 11 Jan 2024 22:14:34 +0100
|
||||||
|
Subject: [PATCH] evaluate: release mpz type in expr_evaluate_list() error path
|
||||||
|
|
||||||
|
Detected when running:
|
||||||
|
|
||||||
|
# nft -f tests/shell/testcases/bogons/nft-f/no_integer_basetype_crash
|
||||||
|
==383222==ERROR: LeakSanitizer: detected memory leaks
|
||||||
|
|
||||||
|
Direct leak of 8 byte(s) in 1 object(s) allocated from:
|
||||||
|
#0 0x7fe7b54a9e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
|
||||||
|
#1 0x7fe7b538b9a9 in __gmp_default_allocate (/lib/x86_64-linux-gnu/libgmp.so.10+0xc9a9)
|
||||||
|
|
||||||
|
Fixes: 3671c4897003 ("evaluate: guard against NULL basetype")
|
||||||
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
---
|
||||||
|
src/evaluate.c | 12 +++++++++---
|
||||||
|
1 file changed, 9 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
||||||
|
index 6c29579f..3b366166 100644
|
||||||
|
--- a/src/evaluate.c
|
||||||
|
+++ b/src/evaluate.c
|
||||||
|
@@ -1695,16 +1695,22 @@ static int expr_evaluate_list(struct eval_ctx *ctx, struct expr **expr)
|
||||||
|
|
||||||
|
mpz_init_set_ui(val, 0);
|
||||||
|
list_for_each_entry_safe(i, next, &list->expressions, list) {
|
||||||
|
- if (list_member_evaluate(ctx, &i) < 0)
|
||||||
|
+ if (list_member_evaluate(ctx, &i) < 0) {
|
||||||
|
+ mpz_clear(val);
|
||||||
|
return -1;
|
||||||
|
- if (i->etype != EXPR_VALUE)
|
||||||
|
+ }
|
||||||
|
+ if (i->etype != EXPR_VALUE) {
|
||||||
|
+ mpz_clear(val);
|
||||||
|
return expr_error(ctx->msgs, i,
|
||||||
|
"List member must be a constant "
|
||||||
|
"value");
|
||||||
|
- if (datatype_basetype(i->dtype)->type != TYPE_BITMASK)
|
||||||
|
+ }
|
||||||
|
+ if (datatype_basetype(i->dtype)->type != TYPE_BITMASK) {
|
||||||
|
+ mpz_clear(val);
|
||||||
|
return expr_error(ctx->msgs, i,
|
||||||
|
"Basetype of type %s is not bitmask",
|
||||||
|
i->dtype->desc);
|
||||||
|
+ }
|
||||||
|
mpz_ior(val, val, i->value);
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.4
|
||||||
|
|
||||||
@ -0,0 +1,42 @@
|
|||||||
|
From 2b24dd29c5fa1c7e4cf44f0753752d25106273a0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
Date: Tue, 13 Feb 2024 17:09:20 +0100
|
||||||
|
Subject: [PATCH] expression: missing line in describe command with invalid
|
||||||
|
expression
|
||||||
|
|
||||||
|
Before:
|
||||||
|
|
||||||
|
duh@testbed:~# nft describe blah
|
||||||
|
symbol expression, datatype invalid (invalid)duh@testbed:#
|
||||||
|
|
||||||
|
After:
|
||||||
|
|
||||||
|
duh@testbed:~# nft describe blah
|
||||||
|
symbol expression, datatype invalid (invalid)
|
||||||
|
duh@testbed:#
|
||||||
|
|
||||||
|
Fixes: 48aca2de80a7 ("iptopt: fix crash with invalid field/type combo")
|
||||||
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
---
|
||||||
|
src/expression.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/expression.c b/src/expression.c
|
||||||
|
index dde48b6a..cb2573fe 100644
|
||||||
|
--- a/src/expression.c
|
||||||
|
+++ b/src/expression.c
|
||||||
|
@@ -140,8 +140,10 @@ void expr_describe(const struct expr *expr, struct output_ctx *octx)
|
||||||
|
nft_print(octx, "%s expression, datatype %s (%s)",
|
||||||
|
expr_name(expr), dtype->name, dtype->desc);
|
||||||
|
|
||||||
|
- if (dtype == &invalid_type)
|
||||||
|
+ if (dtype == &invalid_type) {
|
||||||
|
+ nft_print(octx, "\n");
|
||||||
|
return;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
if (dtype->basetype != NULL) {
|
||||||
|
--
|
||||||
|
2.43.4
|
||||||
|
|
||||||
@ -1,6 +1,6 @@
|
|||||||
Name: nftables
|
Name: nftables
|
||||||
Version: 1.0.8
|
Version: 1.0.8
|
||||||
Release: 3
|
Release: 4
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Summary: A subsystem of the Linux kernel processing network data
|
Summary: A subsystem of the Linux kernel processing network data
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
@ -48,6 +48,12 @@ Patch0036: backport-evaluate-error-out-when-expression-has-no-datatype.patc
|
|||||||
Patch0037: backport-evaluate-tproxy-move-range-error-checks-after-arg-ev.patch
|
Patch0037: backport-evaluate-tproxy-move-range-error-checks-after-arg-ev.patch
|
||||||
Patch0038: backport-evaluate-error-out-when-store-needs-more-than-one-12.patch
|
Patch0038: backport-evaluate-error-out-when-store-needs-more-than-one-12.patch
|
||||||
Patch0039: backport-rule-fix-sym-refcount-assertion.patch
|
Patch0039: backport-rule-fix-sym-refcount-assertion.patch
|
||||||
|
Patch0040: backport-evaluate-guard-against-NULL-basetype.patch
|
||||||
|
Patch0041: backport-evaluate-error-out-if-basetypes-are-different.patch
|
||||||
|
Patch0042: backport-evaluate-reject-attempt-to-update-a-set.patch
|
||||||
|
Patch0043: backport-evaluate-release-mpz-type-in-expr_evaluate_list-erro.patch
|
||||||
|
Patch0044: backport-expression-missing-line-in-describe-command-with-inv.patch
|
||||||
|
Patch0045: backport-evaluate-handle-invalid-mapping-expressions-graceful.patch
|
||||||
|
|
||||||
BuildRequires: gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd
|
BuildRequires: gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd
|
||||||
BuildRequires: iptables-devel jansson-devel python3-devel
|
BuildRequires: iptables-devel jansson-devel python3-devel
|
||||||
@ -147,6 +153,17 @@ echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
|
|||||||
%{python3_sitelib}/nftables/
|
%{python3_sitelib}/nftables/
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 24 2024 liweigang <liweiganga@uniontech.com> - 1:1.0.8-4
|
||||||
|
- Type: bugfix
|
||||||
|
- CVE: NA
|
||||||
|
- SUG: NA
|
||||||
|
- DESC: evaluate: guard against NULL basetype
|
||||||
|
evaluate: error out if basetypes are different
|
||||||
|
evaluate: reject attempt to update a set
|
||||||
|
evaluate: release mpz type in expr_evaluate_list() error path
|
||||||
|
expression: missing line in describe command with invalid expression
|
||||||
|
evaluate: handle invalid mapping expressions in stateful object statements gracefully
|
||||||
|
|
||||||
* Fri Apr 19 2024 lingsheng <lingsheng1@h-partners.com> - 1:1.0.8-3
|
* Fri Apr 19 2024 lingsheng <lingsheng1@h-partners.com> - 1:1.0.8-3
|
||||||
- Type:bugfix
|
- Type:bugfix
|
||||||
- CVE:NA
|
- CVE:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user