From patchwork Mon Sep 6 03:06:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiao Liang X-Patchwork-Id: 1524819 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=C0dsxfsg; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4H2tbk40P7z9sW5 for ; Mon, 6 Sep 2021 13:06:58 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239236AbhIFDIA (ORCPT ); Sun, 5 Sep 2021 23:08:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48114 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239093AbhIFDIA (ORCPT ); Sun, 5 Sep 2021 23:08:00 -0400 Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9DF37C061575 for ; Sun, 5 Sep 2021 20:06:56 -0700 (PDT) Received: by mail-pg1-x533.google.com with SMTP id r2so5316323pgl.10 for ; Sun, 05 Sep 2021 20:06:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ql6e+DZIpY5JprOB0mZute+zqfxFV19m9QFQJBQ4vTA=; b=C0dsxfsgaaizd87XDHybe15y7znmOXBhstHhk1C0RURV0yV6gIV/4vmMcDR4yWqiCg UTs0ydOKM7TvarvOaP08MR145PAN+ksc/KRvlWha4IxkgMYzClXI0JBV4KXyZGqFWuNd fC5h7nEpA5kuq4dsRvGD4mAwc8OGtcUfreRASk9de0r3rqF5Ru5GpvrZF32iTvlj3oU8 saZjuTupDC+28Ye6oBbtfpM3V9dWlr7TdXZIolDBvgHbtGfCyMJ/tJsvC48Tx7oEWuK+ NDPvh90dJdaM2nCrORJG3bP3LifHNmVrgv5cym9B89XMtaTa4TsJWfSV5PpcnvGEyM7Z c7Yw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ql6e+DZIpY5JprOB0mZute+zqfxFV19m9QFQJBQ4vTA=; b=Xyx/2KBMvJUhXwzR8wm8xSuM2h/zhl7kwwqv+pPwyzdGnDer9ROaY9avEUSQsXrdZZ uD1thr+dsAsa9ZeUHFrxy6Je4KIsqqzoEjFZTma0Xyo7LdlzsamT1VCsmERmCzKTX89p MVF9NQgt0vta3WOK2dwPqpdqdRovajO5l8O08/TzuP90bSKcuw+r5fR034e9vf4Ty4MA lUfsA4sxxeeJ9NLnM8QjD3/iWZIJhJTpHyql7KokfbUtBtc5VA6i8PitE+Fof7DVs14z 3Fpc/LqTQekx6AVIOnJqv0V60oZ8KABh8Fg9T9TamTXc7xpbf2VaiT89n9Tuhxj5ok5A O3WQ== X-Gm-Message-State: AOAM5320Xp/+F5+hpdz1g9g7RLsk6aOOAOFuhyfOr/Nqq3FIHbxtTpC0 bJQ4TVykwWZnFNtfRIcVmVSHbKfuePz/fA== X-Google-Smtp-Source: ABdhPJyN9FvTu1wnTTN8QiBsGJ+fHNxhHJFJU6SSCYebYhjozvBQCXscPpyB5zTX5sz6V/7R7A44kg== X-Received: by 2002:a63:f40b:: with SMTP id g11mr10169242pgi.401.1630897615838; Sun, 05 Sep 2021 20:06:55 -0700 (PDT) Received: from nova-ws.. ([103.29.142.250]) by smtp.gmail.com with ESMTPSA id n21sm5641090pfo.61.2021.09.05.20.06.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Sep 2021 20:06:55 -0700 (PDT) From: Xiao Liang To: netfilter-devel Cc: Xiao Liang Subject: [PATCH nft] src: Check range bounds before converting to prefix Date: Mon, 6 Sep 2021 11:06:41 +0800 Message-Id: <20210906030641.10958-1-shaw.leon@gmail.com> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org The lower bound must be the first value of the prefix to be coverted. For example, range "10.0.0.15-10.0.0.240" can not be converted to "10.0.0.15/24". Validate it by checking if the lower bound value has enough trailing zeros. Signed-off-by: Xiao Liang --- src/netlink.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/netlink.c b/src/netlink.c index cbf9d436..0fd0b664 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -1079,12 +1079,15 @@ struct expr *range_expr_to_prefix(struct expr *range) if (mpz_bitmask_is_prefix(bitmask, len)) { prefix_len = mpz_bitmask_to_prefix(bitmask, len); - prefix = prefix_expr_alloc(&range->location, expr_get(left), - prefix_len); - mpz_clear(bitmask); - expr_free(range); - - return prefix; + if (mpz_scan1(left->value, 0) >= len - prefix_len) { + prefix = prefix_expr_alloc(&range->location, + expr_get(left), + prefix_len); + mpz_clear(bitmask); + expr_free(range); + + return prefix; + } } mpz_clear(bitmask);