From 1e6427abc0221a5e7ed3f943cbf05acb8682c721 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Tue, 29 May 2018 22:29:50 +0200
Subject: xtables-compat: skip invalid tables

in bridge and arp families, some tables such as security do not exist,
so name is NULL. skip them, else we segfault in strcmp.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 iptables/nft.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'iptables')

diff --git a/iptables/nft.c b/iptables/nft.c
index 424c9119..08cbdc86 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2959,7 +2959,7 @@ static int nft_is_chain_compatible(const struct nft_handle *h,
 		cur_table = h->tables[i].name;
 		chains = h->tables[i].chains;
 
-		if (strcmp(table, cur_table) != 0)
+		if (!cur_table || strcmp(table, cur_table) != 0)
 			continue;
 
 		for (j = 0; j < NF_INET_NUMHOOKS && chains[j].name; j++) {
@@ -3017,6 +3017,8 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename)
 	int ret = 0, i;
 
 	for (i = 0; i < TABLES_MAX; i++) {
+		if (!h->tables[i].name)
+			continue;
 		if (strcmp(h->tables[i].name, tablename) == 0)
 			break;
 	}
-- 
cgit v1.2.3