diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-05-14 20:43:35 +0800 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2016-05-14 22:03:22 +0200 |
commit | d4b86b6bfdf979a13c7cf4231bb4ec1d0c04d6a3 (patch) | |
tree | 5eebb6a7a2c0400a529bf441396a10f471c473e9 /src/evaluate.c | |
parent | 4caf82919d3c8e85a0ebc6028229bea58a6268ba (diff) |
evaluate: fix crash if we add an error format rule
If we add a such nft rule:
nft add rule filter input ip protocol icmp tcp dport 0
we will always meet the assert condition:
nft: evaluate.c:536: resolve_protocol_conflict: Assertion `base < (__PROTO_BASE_MAX - 1)' failed.
Aborted (core dumped)
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 53f19b29..c317761f 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -533,7 +533,7 @@ static int resolve_protocol_conflict(struct eval_ctx *ctx, list_add_tail(&nstmt->list, &ctx->stmt->list); } - assert(base < PROTO_BASE_MAX); + assert(base <= PROTO_BASE_MAX); /* This payload and the existing context don't match, conflict. */ if (ctx->pctx.protocol[base + 1].desc != NULL) return 1; |