diff options
author | Florian Westphal <fw@strlen.de> | 2021-02-03 19:42:27 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2021-02-05 12:35:48 +0100 |
commit | 0c189656148d834b17aa9d98b0b11018bc9d2465 (patch) | |
tree | 8e21ff93bd0d910426bba52415c71602fa34168c /src | |
parent | 87ef765a9ad4477b324c06d187d8ea5e521ed2cf (diff) |
evaluate: do not crash if dynamic set has no statements
list_first_entry() returns garbage when the list is empty.
There is no need to run the following loop if we have no statements,
so just return 0.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/evaluate.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 1d5db4da..ccee7e21 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1363,10 +1363,12 @@ static int __expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr *elem) "number of statements mismatch, set expects %d " "but element has %d", num_set_exprs, num_elem_exprs); - } else if (num_set_exprs == 0 && !(set->flags & NFT_SET_EVAL)) { - return expr_error(ctx->msgs, elem, - "missing statements in %s definition", - set_is_map(set->flags) ? "map" : "set"); + } else if (num_set_exprs == 0) { + if (!(set->flags & NFT_SET_EVAL)) + return expr_error(ctx->msgs, elem, + "missing statements in %s definition", + set_is_map(set->flags) ? "map" : "set"); + return 0; } set_stmt = list_first_entry(&set->stmt_list, struct stmt, list); |