From patchwork Mon Dec  1 11:45:49 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pablo Neira Ayuso <pablo@netfilter.org>
X-Patchwork-Id: 416417
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 9EB3A14016B
	for <incoming@patchwork.ozlabs.org>;
	Mon,  1 Dec 2014 22:43:44 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753178AbaLALno (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Mon, 1 Dec 2014 06:43:44 -0500
Received: from mail.us.es ([193.147.175.20]:41604 "EHLO mail.us.es"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753081AbaLALnn (ORCPT <rfc822; netfilter-devel@vger.kernel.org>);
	Mon, 1 Dec 2014 06:43:43 -0500
Received: (qmail 7673 invoked from network); 1 Dec 2014 12:43:41 +0100
Received: from unknown (HELO us.es) (192.168.2.11)
	by us.es with SMTP; 1 Dec 2014 12:43:41 +0100
Received: (qmail 27505 invoked by uid 507); 1 Dec 2014 11:43:41 -0000
X-Qmail-Scanner-Diagnostics: from 127.0.0.1 by antivirus1 (envelope-from
	<pablo@netfilter.org>, uid 501) with qmail-scanner-2.10
	(clamdscan: 0.98.5/19703. spamassassin: 3.3.2.  
	Clear:RC:1(127.0.0.1):SA:0(-103.2/7.5):.
	Processed in 2.062746 secs); 01 Dec 2014 11:43:41 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on antivirus1
X-Spam-Level: 
X-Spam-Status: No, score=-103.2 required=7.5 tests=BAYES_50,SMTPAUTH_US,
	USER_IN_WHITELIST autolearn=disabled version=3.3.2
X-Spam-ASN: AS12715 87.216.0.0/16
X-Envelope-From: pablo@netfilter.org
Received: from unknown (HELO antivirus1) (127.0.0.1)
	by us.es with SMTP; 1 Dec 2014 11:43:39 -0000
Received: from 192.168.1.13 (192.168.1.13)
	by antivirus1 (F-Secure/fsigk_smtp/412/antivirus1);
	Mon, 01 Dec 2014 12:43:39 +0100 (CET)
X-Virus-Status: clean(F-Secure/fsigk_smtp/412/antivirus1)
Received: (qmail 7019 invoked from network); 1 Dec 2014 12:43:39 +0100
Received: from 129.166.216.87.static.jazztel.es (HELO salvia.here)
	(pneira@us.es@87.216.166.129)
	by mail.us.es with SMTP; 1 Dec 2014 12:43:39 +0100
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [PATCH nft 1/5] netlink_delinearize: clone on
	netlink_get_register(), release previous on _set()
Date: Mon,  1 Dec 2014 12:45:49 +0100
Message-Id: <1417434354-5782-1-git-send-email-pablo@netfilter.org>
X-Mailer: git-send-email 1.7.10.4
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

If we add this rule:

  nft add rule filter input meta length 33-55

the listing shows:

  meta length >= 33 meta length <= 754974720

The two meta statements share the same left-hand side, thus, only the
first one is converted from network byte order to host byte order.

Update netlink_get_register() to return a clone so each left-hand side
has its own left-hand side.

Moreover, release the existing register before overriding it with fresh
expressions in netlink_set_register().

Thefore, if you manipulate a register from any of the existing parse
functions, you have to re-set it again to place fresh modified clone.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_delinearize.c |   14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 1be409b..c809bb6 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -57,6 +57,9 @@ static void netlink_set_register(struct netlink_parse_ctx *ctx,
 		return;
 	}
 
+	if (ctx->registers[reg] != NULL)
+		expr_free(ctx->registers[reg]);
+
 	ctx->registers[reg] = expr;
 }
 
@@ -72,7 +75,15 @@ static struct expr *netlink_get_register(struct netlink_parse_ctx *ctx,
 	}
 
 	expr = ctx->registers[reg];
-	return expr;
+	return expr_clone(expr);
+}
+
+static void netlink_release_registers(struct netlink_parse_ctx *ctx)
+{
+	int i;
+
+	for (i = 0; i <= NFT_REG_MAX; i++)
+		expr_free(ctx->registers[i]);
 }
 
 static void netlink_parse_immediate(struct netlink_parse_ctx *ctx,
@@ -1109,5 +1120,6 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
 	nft_rule_expr_foreach((struct nft_rule *)nlr, netlink_parse_expr, pctx);
 
 	rule_parse_postprocess(pctx, pctx->rule);
+	netlink_release_registers(pctx);
 	return pctx->rule;
 }