author | Anatole Denis <anatole@rezel.net> | 2016-11-28 17:43:09 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-29 22:46:57 +0100 |
commit | 081f5a2a916ce5f3ccb1a9aca48028e99199498f (patch) | |
tree | 11ac073dd268d1cb764967435bcbf378af793cf6 /tests/shell/testcases/sets | |
parent | b8404c4ba78344abe9fda92c95e69adea9131ff4 (diff) |
tests: Add regression test for malformed sets
see: 5afa5a164ff1c066af1ec56d875b91562882bd50
When a malformed set is added, it was added before erroring out, causing a
segfault further down when used. This tests for this case, ensuring that
nftables doesn't segfault but errors correctly
Signed-off-by: Anatole Denis <anatole@rezel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/sets')
-rwxr-xr-x | tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 new file mode 100755 index 00000000..5d1a2dab --- /dev/null +++ b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 @@ -0,0 +1,33 @@ +#!/bin/bash + +# This tests for the bug corrected in commit 5afa5a164ff1c066af1ec56d875b91562882bd50. +# Sets were added to the table before checking for errors, and not removed from +# the table on error, leading to an uninitialized set in the table, causing a +# segfault for rules that tried to use it. +# In this case, nft should error out because the set doesn't exist instead of +# segfaulting + +tmpfile=$(mktemp) +if [ ! -w $tmpfile ] ; then + echo "Failed to create tmp file" >&2 + exit 0 +fi + +trap "rm -rf $tmpfile" EXIT # cleanup if aborted + +echo " +add table t +add chain t c +add set t s {type ipv4_addr\;} +add rule t c ip saddr @s +" >$tmpfile + +$NFT -f $tmpfile +ret=$? + +trap - EXIT +if [[ $ret -eq 1 ]]; then + exit 0 +else + exit 1 +fi |
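Review bot: In the mktemp check at the top of the script, the failure branch ends with `exit 0`, so a run where the temporary file could not be created is reported as a pass even though nft was never invoked; exit non-zero there so a regression cannot be masked by an environment problem. Separately, `trap - EXIT` just before the final `if` clears the cleanup handler, so the temporary file is left behind on every normal run; drop that line or remove the file explicitly before exiting. `$tmpfile` is unquoted in the `-w` test, the redirect and the `$NFT -f` call, and `rm -f` is enough for a regular file. The `$ret -eq 1` comparison is what separates a clean error from a crash (a segfault surfaces as a signal exit status, not 1), which deserves a short comment next to it.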