From a320531e78f1bcb12b24da048f34592771392a9a Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 24 Jul 2013 15:14:22 +0200 Subject: datatype: fix crash if wrong integer type is passed Eric Leblond reported that this command: nft add rule ip6 filter input position 4 meta protocol icmpv6 accept crashes nft. The problem is that 'icmpv6' is wrong there, as meta protocol is expecting an ethernet protocol, that can be expressed as an hexadecimal. Now this command displays the following error: :1:52-57: Error: This is not a valid Ethernet protocol add rule ip6 filter input position 4 meta protocol icmpv6 accept ^^^^^^ This closes bugzilla #834: https://bugzilla.netfilter.org/show_bug.cgi?id=834 Reported-by: Eric Leblond Signed-off-by: Pablo Neira Ayuso
---
 src/datatype.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/datatype.c b/src/datatype.c
index 62539957..55368eed 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -229,8 +229,10 @@ static struct error_record *integer_type_parse(const struct expr *sym,
 if (gmp_sscanf(sym->identifier, "%Zu%n", v, &len) != 1 ||
 (int)strlen(sym->identifier) != len) {
 mpz_clear(v);
- if (sym->dtype != &integer_type)
- return NULL;
+ if (sym->dtype != &integer_type) {
+ return error(&sym->location, "This is not a valid %s",
+ sym->dtype->desc);
+ }
 return error(&sym->location, "Could not parse %s",
 sym->dtype->desc);
 }
-- cgit v1.2.3
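Review bot: Nothing at the failure branch of integer_type_parse records that a NULL return means success to the caller, which is presumably why the old `return NULL` for non-integer dtypes let the caller carry on without a parsed value and crash. A one-line comment above the new `if`, such as `/* parse failed: always return an error record, NULL would be read as success */`, would keep a later edit from reintroducing the early NULL return. The diffstat shows only src/datatype.c changed, so the reported command (`meta protocol icmpv6`) is not pinned by a regression test in this commit; adding one alongside the fix would be worthwhile. The function body starts and ends outside the hunk, so how `v` and the result expression are handled after this branch is not visible here.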