From 0fe79458cb5ae36d838f0e5a5dc5cc6f332cac03 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 22 Dec 2022 11:23:00 +0100
Subject: [PATCH] evaluate: fix shift exponent underflow in concatenation
 evaluation

There is an underflow of the index that iterates over the concatenation:

../include/datatype.h:292:15: runtime error: shift exponent 4294967290 is too large for 32-bit type 'unsigned int'

set the datatype to invalid which is fine to evaluate a concatenation
in a set/map statement.

Conflict: NA
Reference: https://git.netfilter.org/nftables/commit?id=0fe79458cb5ae36d838f0e5a5dc5cc6f332cac03

Update b8e1940aa190 ("tests: add a test case for map update from packet
path with concat") so it does not need a workaround to work.

---
 src/evaluate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index 37d0bff..36ce38b 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1265,7 +1265,7 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr)
 						 "expecting %s",
 						 dtype->desc);
 
-		if (dtype == NULL)
+		if (dtype == NULL || off == 0)
 			tmp = datatype_lookup(TYPE_INVALID);
 		else
 			tmp = concat_subtype_lookup(type, --off);
-- 
2.33.0