diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-07-05 14:03:33 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-07-05 16:11:37 +0200 |
| commit | ac77f3805c71f14c51730a9c5cb726ee67f14159 (patch) | |
| tree | 37e2a4f12ea02d5aecd0721399c6ead7a46c31b6 /src/optimize.c | |
| parent | 2ee93ca27ddca1d8302402c6d3b6da3cd59595d8 (diff) | |
optimize: clone counter before insertion into set element
The counter statement that is zapped from the rule needs to be cloned
before inserting it into each set element.
Fixes: 686ab8b6996e ("optimize: do not remove counter in verdict maps")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/optimize.c')
| -rw-r--r-- | src/optimize.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/optimize.c b/src/optimize.c index 1dd08586..62dd9082 100644 --- a/src/optimize.c +++ b/src/optimize.c @@ -692,29 +692,36 @@ static void build_verdict_map(struct expr *expr, struct stmt *verdict, struct expr *set, struct stmt *counter) { struct expr *item, *elem, *mapping; + struct stmt *counter_elem; switch (expr->etype) { case EXPR_LIST: list_for_each_entry(item, &expr->expressions, list) { elem = set_elem_expr_alloc(&internal_location, expr_get(item)); - if (counter) - list_add_tail(&counter->list, &elem->stmt_list); + if (counter) { + counter_elem = counter_stmt_alloc(&counter->location); + list_add_tail(&counter_elem->list, &elem->stmt_list); + } mapping = mapping_expr_alloc(&internal_location, elem, expr_get(verdict->expr)); compound_expr_add(set, mapping); } + stmt_free(counter); break; case EXPR_SET: list_for_each_entry(item, &expr->expressions, list) { elem = set_elem_expr_alloc(&internal_location, expr_get(item->key)); - if (counter) - list_add_tail(&counter->list, &elem->stmt_list); + if (counter) { + counter_elem = counter_stmt_alloc(&counter->location); + list_add_tail(&counter_elem->list, &elem->stmt_list); + } mapping = mapping_expr_alloc(&internal_location, elem, expr_get(verdict->expr)); compound_expr_add(set, mapping); } + stmt_free(counter); break; case EXPR_PREFIX: case EXPR_RANGE: @@ -819,8 +826,8 @@ static void __merge_concat_stmts_vmap(const struct optimize_ctx *ctx, struct expr *set, struct stmt *verdict) { struct expr *concat, *next, *elem, *mapping; + struct stmt *counter, *counter_elem; LIST_HEAD(concat_list); - struct stmt *counter; counter = zap_counter(ctx, i); __merge_concat(ctx, i, merge, &concat_list); @@ -828,13 +835,16 @@ static void __merge_concat_stmts_vmap(const struct optimize_ctx *ctx, list_for_each_entry_safe(concat, next, &concat_list, list) { list_del(&concat->list); elem = set_elem_expr_alloc(&internal_location, concat); - if (counter) - list_add_tail(&counter->list, &elem->stmt_list); + if (counter) { + counter_elem = counter_stmt_alloc(&counter->location); + list_add_tail(&counter_elem->list, &elem->stmt_list); + } mapping = mapping_expr_alloc(&internal_location, elem, expr_get(verdict->expr)); compound_expr_add(set, mapping); } + stmt_free(counter); } static void merge_concat_stmts_vmap(const struct optimize_ctx *ctx, |