[Bug 1459] New: EMLINK error for NFT_GOTO

[bugzilla-daemon at netfilter.org]

https://bugzilla.netfilter.org/show_bug.cgi?id=1459

            Bug ID: 1459
           Summary: EMLINK error for NFT_GOTO
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: kernel
          Assignee: pablo at netfilter.org
          Reporter: steve at opendium.com

Created attachment 605
  --> https://bugzilla.netfilter.org/attachment.cgi?id=605&action=edit
Don't increment pctx->level when following gotos

nft_immediate_validate() and nft_lookup_validate_setelem() treat NFT_GOTO and
NFT_JUMP identically, incrementing pctx->level for both.  This results in a
-EMLINK ("Too many links") being unexpectedly returned for rulesets that use
lots of gotos.

Having looked at other parts of the code, I can't see a reason for incrementing
the stack level for NFT_GOTO - it doesn't appear to use any real stack space.

The attached patch fixes this problem.


A couple of stylistic comments on the code, which I haven't attempted to fix:
1. ctx is passed as a const, but the constness is cast away, which isn't great
practice.
2. ctx->level is modified, even though ctx is passed as a const, and in the
case of an error the original value isn't restored.  I'm guessing that the
caller probably throws away ctx anyway, so this probably doesn't have any
real-world implications, other than the potential for future bugs introduced by
someone expecting const to mean const.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200828/9f44392c/attachment.html>