rule: skip CMD_OBJ_SETELEMS with no elements after set flush

Set declaration + set flush results in a crash because CMD_OBJ_SETELEMS does not expect no elements. This internal command only shows up if set contains elements, however, evaluation flushes set content after the set expansion. Skip this command CMD_OBJ_SETELEMS if set is empty. Fixes: d3c8051cb767 ("rule: rework CMD_OBJ_SETELEMS logic") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2025-11-20 00:41:13 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2025-11-24 23:37:14 +0100
commit: 8b7a533f8f8b276bfa71dcb306d6857e54015234 (patch)
tree: a581db6a4fc9a42864ce9f0530776034073d9b60 /src
parent: 32c994f84904e9854d527217ececf0b97d89410d (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/rule.c b/src/rule.c
index bb6f62c8..8f8b77f1 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1499,6 +1499,9 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd,
 {
 	struct set *set = cmd->set;
 
+	if (!set->init)
+		return 0;
+
 	return __do_add_elements(ctx, cmd, set, set->init, flags);
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2025-11-20 00:41:13 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-11-24 23:37:14 +0100
commit	8b7a533f8f8b276bfa71dcb306d6857e54015234 (patch)
tree	a581db6a4fc9a42864ce9f0530776034073d9b60 /src
parent	32c994f84904e9854d527217ececf0b97d89410d (diff)