From d9957a5c57a11df8233ea4a7c91c579af511e4b6 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 11 Aug 2021 05:24:48 +0200
Subject: tcpopt: bogus assertion on undefined options

 # nft add rule x y tcp option 6 exists
 # nft list ruleset
 nft: tcpopt.c:208: tcpopt_init_raw: Assertion `expr->exthdr.desc != NULL' failed.
 Aborted

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1557
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/tcpopt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/tcpopt.c b/src/tcpopt.c
index 05b5ee6e..53fe9bc8 100644
--- a/src/tcpopt.c
+++ b/src/tcpopt.c
@@ -200,7 +200,8 @@ void tcpopt_init_raw(struct expr *expr, uint8_t type, unsigned int off,
 	else
 		datatype_set(expr, &integer_type);
 
-	if (type >= array_size(tcpopt_protocols))
+	if (type >= array_size(tcpopt_protocols) ||
+	    !tcpopt_protocols[type])
 		return;
 
 	expr->exthdr.desc = tcpopt_protocols[type];
-- 
cgit v1.2.3