From 5f43ea807bb0f5b30f332c2c96f13e33c9243d22 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 4 Dec 2023 22:00:06 +0100
Subject: evaluate: reject attempt to update a set

This will crash as set->data is NULL, so check that SET_REF is pointing
to a map:

Error: candidates_ipv4 is not a map
tcp dport 10003 ip saddr . tcp dport @candidates_ipv4 add @candidates_ipv4 { ip saddr . 10 :0004 timeout 1s }
                                     ~~~~~~~~~~~~~~~~

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 tests/shell/testcases/bogons/nft-f/add_to_a_set_crash | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 tests/shell/testcases/bogons/nft-f/add_to_a_set_crash

(limited to 'tests/shell/testcases/bogons/nft-f/add_to_a_set_crash')

diff --git a/tests/shell/testcases/bogons/nft-f/add_to_a_set_crash b/tests/shell/testcases/bogons/nft-f/add_to_a_set_crash
new file mode 100644
index 00000000..80a01b45
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/add_to_a_set_crash
@@ -0,0 +1,11 @@
+table t {
+        set candidates_ipv4 {
+                type ipv4_addr . inet_service
+                size 65535
+                flags dynamic,timeout
+        }
+
+        chain input {
+                tcp dport 10003 ip saddr . tcp dport @candidates_ipv4 add @candidates_ipv4 { ip saddr . 10 :0004 timeout 1s }
+        }
+}
-- 
cgit v1.2.3