[PATCH nft] evaluate: tolerate empty concatenation

[Florian Westphal <fw@xxxxxxxxx>]

Don't rely on a successful evaluation of set->key.
With this input, set->key fails validation but subsequent
element evaluation asserts because the context points at
the set key -- an empty concatenation.

Causes:
nft: src/evaluate.c:1681: expr_evaluate_concat: Assertion `!list_empty(&ctx->ectx.key->expressions)' failed.

After patch:
internal:0:0-0: Error: unqualified type  specified in set definition. Try "typeof expression" instead of "type datatype".
internal:0:0-0: Error: Could not parse symbolic invalid expression

Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/evaluate.c                                | 10 +++++--
 ...pr_evaluate_concat_empty_concat_key_assert | 27 +++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 tests/shell/testcases/bogons/nft-j-f/expr_evaluate_concat_empty_concat_key_assert

diff --git a/src/evaluate.c b/src/evaluate.c
index 1e7f6f53542b..a6b08cf3b1b5 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1645,6 +1645,13 @@ static int list_member_evaluate(struct eval_ctx *ctx, struct expr **expr)
 	return err;
 }
 
+static bool ctx_has_concat_key(const struct eval_ctx *ctx)
+{
+	/* Ignore empty concatenation key, set eval queued an error */
+	return ctx->ectx.key && ctx->ectx.key->etype == EXPR_CONCAT &&
+	       !list_empty(&ctx->ectx.key->expressions);
+}
+
 static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr)
 {
 	const struct datatype *dtype = ctx->ectx.dtype, *tmp;
@@ -1657,9 +1664,8 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr)
 	bool runaway = false;
 	uint32_t size = 0;
 
-	if (ctx->ectx.key && ctx->ectx.key->etype == EXPR_CONCAT) {
+	if (ctx_has_concat_key(ctx)) {
 		key_ctx = ctx->ectx.key;
-		assert(!list_empty(&ctx->ectx.key->expressions));
 		key = list_first_entry(&ctx->ectx.key->expressions, struct expr, list);
 		expressions = &ctx->ectx.key->expressions;
 	}
diff --git a/tests/shell/testcases/bogons/nft-j-f/expr_evaluate_concat_empty_concat_key_assert b/tests/shell/testcases/bogons/nft-j-f/expr_evaluate_concat_empty_concat_key_assert
new file mode 100644
index 000000000000..956ecdc99721
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-j-f/expr_evaluate_concat_empty_concat_key_assert
@@ -0,0 +1,27 @@
+{
+  "nftables": [
+    {
+      "table": { "family": "ip",
+        "name": "t",
+        "handle": 0
+      }
+    },
+    {
+      "set": {
+        "family": "ip",
+        "name": "s",
+        "table": "t",
+        "type": [
+             ],
+        "elem": [
+          {
+            "concat": [
+              "foo", "bar"
+            ]
+          }
+        ]
+      }
+    }
+  ]
+}
+
-- 
2.48.1