bugzilla-daemon at netfilter.org
2017-Sep-11 10:05 UTC
[Bug 1181] New: incorrect sort function at segtree.c
https://bugzilla.netfilter.org/show_bug.cgi?id=1181
Bug ID: 1181
Summary: incorrect sort function at segtree.c
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: iptables over nftable
Assignee: pablo at netfilter.org
Reporter: cidjey1991 at mail.ru
Created attachment 506
--> https://bugzilla.netfilter.org/attachment.cgi?id=506&action=edit
Suggested solution
Function static int expr_value_cmp(const void *p1, const void *p2) at segtree.c
in nftables sources is incorrect.
static int expr_value_cmp(const void *p1, const void *p2)
{
struct expr *e1 = *(void * const *)p1;
struct expr *e2 = *(void * const *)p2;
int ret;
ret = mpz_cmp(expr_value(e1)->value, expr_value(e2)->value);
if (ret == 0 && (e1->flags & EXPR_F_INTERVAL_END))
return -1;
else
return 1;
return ret;
}
as you can see, running never reaches "return ret" and basically it
doesn't
matter if mpz_cmp returned 1 or -1.
Suggested solution:
static int expr_value_cmp(const void *p1, const void *p2)
{
struct expr *e1 = *(void * const *)p1;
struct expr *e2 = *(void * const *)p2;
int ret;
ret = mpz_cmp(expr_value(e1)->value, expr_value(e2)->value);
if (ret == 0) {
if (e1->flags & EXPR_F_INTERVAL_END)
return -1;
else
return 1;
}
return ret;
}
The patch is attached.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170911/b612a6ad/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jul-22 16:00 UTC
[Bug 1181] incorrect sort function at segtree.c
https://bugzilla.netfilter.org/show_bug.cgi?id=1181
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
A very similar patch was applied few months before this report:
commit a177d08d82c4cf946324640a63581e837164dc0b
Author: Phil Sutter <phil at nwl.cc>
Date: Thu Jul 6 16:25:28 2017 +0200
segtree: Fix expr_value_cmp()
Instead of returning the result of mpz_cmp(), this function returned 1
unless both elements were equal and the first one had
EXPR_F_INTERVAL_END set.
The update is similar to the one that this reporter suggests.
Closing.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200722/06db2b7a/attachment.html>