From e7ff8bab1f72c5b45ead02a0e5302359616e5cdc Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 5 Apr 2014 20:31:37 +0200
Subject: src: fix bogus assertion for unset attributes

If you try to obtain an unset attribute, you hit an assertion error
that should not happen. Fix this by checking if the attribute is
unset, otherwise skip the assertion checking.

Now that we have that nft_assert takes the data parameter, we can also
validate if someone is using the setter passing NULL, which is illegal.
So let's add an assertion for that as well.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/internal.h | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'src/internal.h')

diff --git a/src/internal.h b/src/internal.h
index 3216bc6..ba994c8 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -189,15 +189,17 @@ struct nft_set_elem {
 
 void __nft_assert_fail(uint16_t attr, const char *filename, int line);
 
-#define nft_assert(attr, expr)				\
-  ((expr)						\
+#define nft_assert(val, attr, expr)			\
+  ((!val || expr)					\
    ? (void)0						\
    : __nft_assert_fail(attr, __FILE__, __LINE__))
 
-#define nft_assert_validate(_validate_array, _attr, _data_len)		\
-({									\
-	if (_validate_array[_attr])					\
-		nft_assert(attr, _validate_array[_attr] == _data_len);	\
+#define nft_assert_validate(data, _validate_array, _attr, _data_len)		\
+({										\
+	if (!data)								\
+		__nft_assert_fail(attr, __FILE__, __LINE__);			\
+	if (_validate_array[_attr])						\
+		nft_assert(data, attr, _validate_array[_attr] == _data_len);	\
 })
 
 #endif
-- 
cgit v1.2.3