On Fri, Jul 25, 2025 at 11:26:40PM +0200, Phil Sutter wrote:
> Introduction of EXPR_RANGE_SYMBOL type inadvertently disabled sanitizing
> of meta hour ranges where the lower boundary has a higher value than the
> upper boundary. This may happen outside of user control due to the fact
> that given ranges are converted to UTC which is the kernel's native
> timezone.
>
> Restore the conditional match and op inversion by matching on the new
> RHS expression type and also expand it so values are comparable. Since
> this replaces the whole range expression, make it replace the
> relational's RHS entirely.

Thanks, I suspect this bug is related to this recent ticket:

https://bugzilla.netfilter.org/show_bug.cgi?id=1805

> While at it extend testsuites to cover these corner-cases.

Thanks for improving coverage for this.

> Fixes: 347039f64509e ("src: add symbol range expression to further compact intervals")
> Signed-off-by: Phil Sutter <phil@xxxxxx>

Reviewed-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

> @@ -2772,12 +2780,15 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr) > > pctx = eval_proto_ctx(ctx); > > - if (rel->right->etype == EXPR_RANGE && lhs_is_meta_hour(rel->left)) { > - ret = __expr_evaluate_range(ctx, &rel->right); > + if (lhs_is_meta_hour(rel->left) && > + rel->right->etype == EXPR_RANGE_SYMBOL) {

Side note, thanks for reversing this check.
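
Review bot: The new condition in expr_evaluate_relational() tests rel->right->etype against EXPR_RANGE_SYMBOL only, replacing the EXPR_RANGE test rather than extending it, so a meta hour RHS that still arrives here as EXPR_RANGE would skip the boundary check and op inversion again. If that path cannot occur, a short comment above the if saying so, and noting that the UTC conversion is what can leave the lower boundary above the upper one, would help keep this from regressing the next time a range expression type is introduced. The removed lines called __expr_evaluate_range(ctx, &rel->right) and stored the result in ret; the quoted hunk ends before the replacement body, so it is worth confirming the new expansion path keeps returning on evaluation failure as the old one did.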