[pkg-netfilter-team] Bug#932880: invalid octals silently parsed as zero

Trent W. Buck trentbuck at gmail.com
Wed Jul 24 06:04:17 BST 2019


Package: nftables
Version: 0.9.1-2
Severity: important

I was aligning literal numbers with leading zeroes (instead of spaces).
I found that nft treats "010" as an octal number, i.e. 010 = 8.  Fine.
But nft also thinks that 099 = 0!

nft should error out when it encounters such an invalid octal.

A simple example ruleset is shown below.

    #!/usr/sbin/nft --file

    flush ruleset

    add table x
    add chain x y
    add rule x y ip saddr 9 continue   comment "parsed as 0.0.0.9/32"
    add rule x y ip saddr 09 continue  comment "parsed as 0.0.0.0/32"
    ## This one generates an error, because "1 - 0" is an invalid interval.
    #add rule x y ip saddr { 01 - 09 } continue

    list chain x y


-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'proposed-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
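The following C program is an added illustration and is not code from the bug report or from nftables. It models the behaviour the reporter describes (a numeric literal run through a C-style base-0 conversion with the remainder of the string ignored, so "09" and "099" become 0) next to the strict check the report asks for: the literal must be consumed in full, so an invalid octal digit is reported as an error instead of silently producing zero. The function names are hypothetical; nothing here reflects how nft's own lexer is written.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Lenient conversion modelling the reported behaviour (hypothetical, not
 * nft's code): strtoull with base 0 stops at the first non-octal digit of
 * a leading-zero literal and the caller never looks at the end pointer,
 * so "099" yields 0. */
static unsigned long long parse_literal_lenient(const char *s)
{
    return strtoull(s, NULL, 0);
}

/* Strict conversion (hypothetical): same radix rules (decimal, 0x hex,
 * leading-zero octal), but the whole string must be consumed and the value
 * must fit, otherwise the literal is rejected. Returns true on success and
 * stores the value in *out. */
static bool parse_literal_strict(const char *s, unsigned long long *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || *s == '\0')
        return false;
    /* strtoull would skip leading blanks and accept a sign; a rule literal
     * should contain neither. */
    if (*s == ' ' || *s == '\t' || *s == '+' || *s == '-')
        return false;

    errno = 0;
    v = strtoull(s, &end, 0);
    if (errno == ERANGE)
        return false;               /* value does not fit */
    if (end == s || *end != '\0')
        return false;               /* nothing parsed, or trailing text such as "99" in "099" */

    *out = v;
    return true;
}

/* Small wrapper so a result and a rejection can be compared directly:
 * returns the parsed value, or -1 when the literal is invalid. */
static long long parse_strict_or_minus_one(const char *s)
{
    unsigned long long v;

    if (!parse_literal_strict(s, &v) || v > (unsigned long long)LLONG_MAX)
        return -1;
    return (long long)v;
}

int main(void)
{
    /* Constructed sample literals, including the ones from the report. */
    const char *samples[] = { "9", "09", "010", "099", "0x1f", "0" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        long long strict = parse_strict_or_minus_one(samples[i]);
        printf("%-5s lenient=%llu strict=", samples[i],
               parse_literal_lenient(samples[i]));
        if (strict < 0)
            printf("error (invalid literal)\n");
        else
            printf("%lld\n", strict);
    }
    return 0;
}
```

The only difference between the two functions is the check on `end`: once the conversion stops before the end of the string, the literal is not a valid number in any of the accepted radices, and that is exactly the case the report wants turned into a parse error.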
