From 18f01acbdefb211ebfefb728d2b6843c59ae06db Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 15 Apr 2020 21:29:27 +0200 Subject: nft-shared: skip check for jumpto if cs->target is unset The command_jump() function leaves cs->target unset if the target is not found. Let's check if the jumpto string mismatches only in this case. https://bugzilla.netfilter.org/show_bug.cgi?id=1422 Tested-by: Etienne Champetier Signed-off-by: Pablo Neira Ayuso --- iptables/nft-shared.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'iptables') diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 42676564..5192e363 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -1013,7 +1013,8 @@ bool nft_ipv46_rule_find(struct nft_handle *h, struct nftnl_rule *r, void *data) goto out; } - if (strcmp(cs->jumpto, this.jumpto) != 0) { + if ((!cs->target || !this.target) && + strcmp(cs->jumpto, this.jumpto) != 0) { DEBUGP("Different verdict\n"); goto out; } -- cgit v1.2.3
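Review bot: the new condition in nft_ipv46_rule_find() runs the jumpto strcmp() only when cs->target or this.target is NULL, but the subject line says the check is skipped "if cs->target is unset", which reads as the opposite. The message also never mentions this.target. Please reword the subject to match the code, for example "compare jumpto only if a target is unset". A short comment above the `if` would help too, noting that command_jump() leaves cs->target NULL when the target is not found and that the string comparison is the fallback for that case. Once both targets are set, a jumpto mismatch no longer rejects the candidate rule here, so the lookup depends entirely on an earlier target comparison that this hunk does not show. It is worth naming that check in the comment so a later refactor does not drop it and let the rule lookup match on a different verdict. Neither cs->jumpto nor this.jumpto is NULL-checked in the visible lines before strcmp(). If either can be unset on this path, guard it in the same condition.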