src: don't create iterator with empty list

Currently, we create iterator without test if the list is empty. If the
list is empty, we have a crash when we set up the current element. With
this patch, we test if the list is empty before to create the iterator.
If the list is empty the iterator return NULL.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 15 insertions, 2 deletions

diff --git a/src/rule.c b/src/rule.c
index c974f8b..ac5136c 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1043,7 +1043,11 @@ struct nft_rule_expr_iter *nft_rule_expr_iter_create(struct nft_rule *r)
 		return NULL;
 
 	iter->r = r;
-	iter->cur = list_entry(r->expr_list.next, struct nft_rule_expr, head);
+	if (list_empty(&r->expr_list))
+		iter->cur = NULL;
+	else
+		iter->cur = list_entry(r->expr_list.next, struct nft_rule_expr,
+				       head);
 
 	return iter;
 }
@@ -1053,6 +1057,9 @@ struct nft_rule_expr *nft_rule_expr_iter_next(struct nft_rule_expr_iter *iter)
 {
 	struct nft_rule_expr *expr = iter->cur;
 
+	if (expr == NULL)
+		return NULL;
+
 	/* get next expression, if any */
 	iter->cur = list_entry(iter->cur->head.next, struct nft_rule_expr, head);
 	if (&iter->cur->head == iter->r->expr_list.next)
@@ -1152,7 +1159,10 @@ struct nft_rule_list_iter *nft_rule_list_iter_create(struct nft_rule_list *l)
 		return NULL;
 
 	iter->list = l;
-	iter->cur = list_entry(l->list.next, struct nft_rule, head);
+	if (nft_rule_list_is_empty(l))
+		iter->cur = NULL;
+	else
+		iter->cur = list_entry(l->list.next, struct nft_rule, head);
 
 	return iter;
 }
@@ -1168,6 +1178,9 @@ struct nft_rule *nft_rule_list_iter_next(struct nft_rule_list_iter *iter)
 {
 	struct nft_rule *r = iter->cur;
 
+	if (r == NULL)
+		return NULL;
+
 	/* get next rule, if any */
 	iter->cur = list_entry(iter->cur->head.next, struct nft_rule, head);
 	if (&iter->cur->head == iter->list->list.next)