| Message ID | 20161128175143.25201-1-phil@nwl.cc |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
On Mon, Nov 28, 2016 at 06:51:43PM +0100, Phil Sutter wrote: > This is useful to allow a construct such as: > > | tcp flags & (syn|fin) == (syn|fin) > > Before, only the parentheses on the left side were allowed, but via a > quite funny path through the parser: > > * expr might be a concat_expr > * concat_expr might be a basic_expr > * basic_expr is an inclusive_or_expr > * inclusive_or_expr might be an exclusive_or_expr > * exclusive_or_expr might be an and_expr > * and_expr might be 'and_expr AMPERSAND shift_expr' > -> here we eliminate 'flags &' in above statement > * shift_expr might be a primary_expr > * primary_expr might be '( basic_expr )' > > Commit a3e60492a684b ("parser: restrict relational rhs expression > recursion") introduced rhs_expr to disallow recursion on RHS, so just > reverting that change for relational_expr is a no go. Allowing rhs_expr > to be '( rhs_expr )' though seems way too intrusive to me since it's > being used in all kinds of places, so this patch is the safest way to > allow the above I could come up with. Applied, thanks Phil! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/src/parser_bison.y b/src/parser_bison.y index 91955c187f3f0..73a0eda9a5d87 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2254,6 +2254,10 @@ relational_expr : expr /* implicit */ rhs_expr { $$ = relational_expr_alloc(&@2, $2, $1, $3); } + | expr relational_op '(' rhs_expr ')' + { + $$ = relational_expr_alloc(&@2, $2, $1, $4); + } ; list_rhs_expr : basic_rhs_expr COMMA basic_rhs_expr
This is useful to allow a construct such as: | tcp flags & (syn|fin) == (syn|fin) Before, only the parentheses on the left side were allowed, but via a quite funny path through the parser: * expr might be a concat_expr * concat_expr might be a basic_expr * basic_expr is an inclusive_or_expr * inclusive_or_expr might be an exclusive_or_expr * exclusive_or_expr might be an and_expr * and_expr might be 'and_expr AMPERSAND shift_expr' -> here we eliminate 'flags &' in above statement * shift_expr might be a primary_expr * primary_expr might be '( basic_expr )' Commit a3e60492a684b ("parser: restrict relational rhs expression recursion") introduced rhs_expr to disallow recursion on RHS, so just reverting that change for relational_expr is a no go. Allowing rhs_expr to be '( rhs_expr )' though seems way too intrusive to me since it's being used in all kinds of places, so this patch is the safest way to allow the above I could come up with. Signed-off-by: Phil Sutter <phil@nwl.cc> --- src/parser_bison.y | 4 ++++ 1 file changed, 4 insertions(+)