netfilter buglog - Aug 2019 - [Bug 1363] New: nft: invalid octals silently parsed as zero

https://bugzilla.netfilter.org/show_bug.cgi?id=1363

            Bug ID: 1363
           Summary: nft: invalid octals silently parsed as zero
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: arturo at debian.org

Bug reported in the Debian bug tracker:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932880

Original message follows:

I was aligning literal numbers with leading zeroes (instead of spaces).
I found that nft treats "010" as an octal number, i.e. 010 = 8.  Fine.
But nft also thinks that 099 = 0!

nft should error out when it encounters such an invalid octal.

A simple example ruleset is shown below.

    #!/usr/sbin/nft --file

    flush ruleset

    add table x
    add chain x y
    add rule x y ip saddr 9 continue   comment "parsed as 0.0.0.9/32"
    add rule x y ip saddr 09 continue  comment "parsed as 0.0.0.0/32"
    ## This one generates an error, because "1 - 0" is an invalid
interval.
    #add rule x y ip saddr { 01 - 09 } continue

    list chain x y

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190828/4c70bd4e/attachment-0001.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1363

Fernando F. Mancera <ffmancera at riseup.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ffmancera at riseup.net
             Status|NEW                         |ASSIGNED

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190909/3b27f908/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1363

Fernando F. Mancera <ffmancera at riseup.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEW

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190909/e74cfa26/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1363

kfm at plushkava.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kfm at plushkava.net

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191231/844a3d53/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1363

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
We are exposing the semantics of mpz_set_str():

https://gmplib.org/manual/Assigning-Integers.html

Probably mpz_set_str() does not bails out with 099, I have to test.

We should probably document this OR disregard octal notation.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200110/d5cccdb1/attachment.html>