bugzilla-daemon at netfilter.org
2017-Sep-11 10:05 UTC
[Bug 1181] New: incorrect sort function at segtree.c
https://bugzilla.netfilter.org/show_bug.cgi?id=1181

            Bug ID: 1181
           Summary: incorrect sort function at segtree.c
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: iptables over nftable
          Assignee: pablo at netfilter.org
          Reporter: cidjey1991 at mail.ru

Created attachment 506
  --> https://bugzilla.netfilter.org/attachment.cgi?id=506&action=edit
Suggested solution

Function
static int expr_value_cmp(const void *p1, const void *p2)
at segtree.c in nftables sources is incorrect.

static int expr_value_cmp(const void *p1, const void *p2)
{
	struct expr *e1 = *(void * const *)p1;
	struct expr *e2 = *(void * const *)p2;
	int ret;

	ret = mpz_cmp(expr_value(e1)->value, expr_value(e2)->value);
	if (ret == 0 && (e1->flags & EXPR_F_INTERVAL_END))
		return -1;
	else
		return 1;

	return ret;
}

As you can see, running never reaches "return ret" and basically it doesn't
matter if mpz_cmp returned 1 or -1.

Suggested solution:

static int expr_value_cmp(const void *p1, const void *p2)
{
	struct expr *e1 = *(void * const *)p1;
	struct expr *e2 = *(void * const *)p2;
	int ret;

	ret = mpz_cmp(expr_value(e1)->value, expr_value(e2)->value);
	if (ret == 0) {
		if (e1->flags & EXPR_F_INTERVAL_END)
			return -1;
		else
			return 1;
	}

	return ret;
}

The patch is attached.

-- 
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2020-Jul-22 16:00 UTC
[Bug 1181] incorrect sort function at segtree.c
https://bugzilla.netfilter.org/show_bug.cgi?id=1181

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
A very similar patch was applied a few months before this report:

commit a177d08d82c4cf946324640a63581e837164dc0b
Author: Phil Sutter <phil at nwl.cc>
Date:   Thu Jul 6 16:25:28 2017 +0200

    segtree: Fix expr_value_cmp()

    Instead of returning the result of mpz_cmp(), this function returned 1
    unless both elements were equal and the first one had
    EXPR_F_INTERVAL_END set.

The update is similar to the one that this reporter suggests. Closing.
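
Added example (not part of the bug thread and not nftables code): the two control flows from the report, run over constructed elements to count how often a comparator claims "greater" in both directions, which leaves the resulting sort order undefined. struct elem, ELEM(), raw_cmp(), sign_clashes() and the flag's numeric value are assumptions made for the example; an unsigned long stands in for the mpz_t value.

```c
#include <stdio.h>

/* Assumed stand-in for struct expr: unsigned long replaces the mpz_t value;
 * the flag's numeric value and the sample elements are constructed. */
#define EXPR_F_INTERVAL_END 0x1
#define N 5
#define ELEM(p) (*(const struct elem * const *)(p))
struct elem { unsigned long value; unsigned int flags; };
static struct elem sample[N] = { {30, 0}, {10, 0}, {20, EXPR_F_INTERVAL_END},
				 {20, 0}, {40, EXPR_F_INTERVAL_END} };
static struct elem *ptrs[N] = { &sample[0], &sample[1], &sample[2], &sample[3], &sample[4] };

static int raw_cmp(const void *p1, const void *p2) /* stands in for mpz_cmp() */
{
	return (ELEM(p1)->value > ELEM(p2)->value) - (ELEM(p1)->value < ELEM(p2)->value);
}
/* Control flow as quoted in the report: "return ret" is never reached. */
static int cmp_buggy(const void *p1, const void *p2)
{
	int ret = raw_cmp(p1, p2);
	if (ret == 0 && (ELEM(p1)->flags & EXPR_F_INTERVAL_END))
		return -1;
	else
		return 1;
	return ret;
}
/* Control flow of the suggested solution. */
static int cmp_fixed(const void *p1, const void *p2)
{
	int ret = raw_cmp(p1, p2);
	if (ret == 0)
		return (ELEM(p1)->flags & EXPR_F_INTERVAL_END) ? -1 : 1;
	return ret;
}
/* Pairs of distinct values for which cmp(a,b) and cmp(b,a) have the same sign. */
static int sign_clashes(int (*cmp)(const void *, const void *), struct elem **v)
{
	int bad = 0;
	for (int i = 0; i < N; i++)
		for (int j = i + 1; j < N; j++)
			bad += (v[i]->value != v[j]->value &&
				cmp(&v[i], &v[j]) * cmp(&v[j], &v[i]) > 0);
	return bad;
}
int main(void)
{
	printf("sign clashes: buggy=%d fixed=%d\n",
	       sign_clashes(cmp_buggy, ptrs), sign_clashes(cmp_fixed, ptrs));
	return 0;
}
```

The same pairwise check can serve as a unit test for any comparator handed to qsort().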