From ff355ec0f7732d6835f4e339abb1778924771fde Mon Sep 17 00:00:00 2001
From: Phil Oester <kernel@linuxace.com>
Date: Fri, 29 Nov 2013 12:30:04 -0800
Subject: parser: segfault in top scope define

nft segfaults if a symbol is added in top_scope, because of a missing
init_list_head.  Trivial example:

    define ip_set = {192.168.1.2, 192.168.2.3}
    add rule filter output ip daddr $ip_set counter

This closes netfilter bugzilla #877.

Reported-by: Anand Raj Manickam <anandrm@gmail.com>
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser.y | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/parser.y')

diff --git a/src/parser.y b/src/parser.y
index a49e5c2a..c6f8c9d4 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -32,6 +32,7 @@ void parser_init(struct parser_state *state, struct list_head *msgs)
 {
 	memset(state, 0, sizeof(*state));
 	init_list_head(&state->cmds);
+	init_list_head(&state->top_scope.symbols);
 	state->msgs = msgs;
 	state->scopes[0] = scope_init(&state->top_scope, NULL);
 }
-- 
cgit v1.2.3