From 7c9a1521105aa515a272e2d04fa806bed8b43396 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 19 Sep 2018 15:17:07 +0200
Subject: arptables: Fix incorrect strcmp() in nft_arp_rule_find()

Since nft_arp_rule_to_cs() may not set cs->jumpto, later call to
strcmp() may be passed a NULL pointer. Therefore check if the pointer is
valid before doing so.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 iptables/nft-arp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'iptables/nft-arp.c')

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index b8e89826..a2109c60 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -661,7 +661,7 @@ static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
 	if (!compare_targets(cs->target, this.target))
 		return false;
 
-	if (strcmp(cs->jumpto, this.jumpto) != 0)
+	if (this.jumpto && strcmp(cs->jumpto, this.jumpto) != 0)
 		return false;
 
 	return true;
-- 
cgit v1.2.3