diff options
author | Alvaro Neira <alvaroneay@gmail.com> | 2014-11-26 12:07:51 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-26 12:12:51 +0100 |
commit | 8ff7fed3b0d866268322d27511ddc73fbd8c77c8 (patch) | |
tree | 59e3858117bae60f5405cf8f9a04c3610f8aed06 | |
parent | 57b1eb1ccc074337cc64b86f5bbcedfb583deaeb (diff) |
evaluate: reject: fix crash on NULL location with bridge and tcp reset
If we use tcp reset with a network protocol that tcp is not supported,
we display an error. This error use the reject.expr location which is NULL,
therefore we have a crash. This patch replaces it using the reject statement
to display the error like:
Rule:
nft add bridge filter input ether type vlan reject with tcp reset
Output:
<cmdline>:1:46-51: Error: cannot reject this ether type
add rule bridge filter input ether type vlan reject with tcp reset
~~~~~~~~~~~~~~~ ^^^^^^
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/evaluate.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 3eeb614c..00e55b7d 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1277,7 +1277,7 @@ static int stmt_evaluate_reject_bridge_family(struct eval_ctx *ctx, case __constant_htons(ETH_P_IPV6): break; default: - return stmt_binary_error(ctx, stmt->reject.expr, + return stmt_binary_error(ctx, stmt, &ctx->pctx.protocol[PROTO_BASE_NETWORK_HDR], "cannot reject this ether type"); } |