diff options
author | Florian Westphal <fw@strlen.de> | 2018-05-29 22:29:50 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-05-30 12:13:35 +0200 |
commit | 1e6427abc0221a5e7ed3f943cbf05acb8682c721 (patch) | |
tree | 98de7db83adcdb0a2fb3b2986d7a3cc8aec02367 /iptables/nft.c | |
parent | cb368b6f6f58bf04ad2bf3316b8e1ddf5389e3f9 (diff) |
xtables-compat: skip invalid tables
in bridge and arp families, some tables such as security do not exist,
so name is NULL. skip them, else we segfault in strcmp.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 424c9119..08cbdc86 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2959,7 +2959,7 @@ static int nft_is_chain_compatible(const struct nft_handle *h, cur_table = h->tables[i].name; chains = h->tables[i].chains; - if (strcmp(table, cur_table) != 0) + if (!cur_table || strcmp(table, cur_table) != 0) continue; for (j = 0; j < NF_INET_NUMHOOKS && chains[j].name; j++) { @@ -3017,6 +3017,8 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename) int ret = 0, i; for (i = 0; i < TABLES_MAX; i++) { + if (!h->tables[i].name) + continue; if (strcmp(h->tables[i].name, tablename) == 0) break; } |