rule: return error if table does not exist

commit 853d3a2d3cbdc7aab16d3d33999d00b32a6db7ce upstream.

The bogon triggers segfault due to NULL dereference.  Error out and set
errno to ENOENT; caller uses strerror() in the errmsg.

After fix, loading reproducer results in:
/tmp/A:2:1-18: Error: Could not process rule: No such file or directory
list table inet p
^^^^^^^^^^^^^^^^^^

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 10 insertions, 1 deletions

diff --git a/src/rule.c b/src/rule.c
index 4b9eb1c2..b4f1d98e 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2521,10 +2521,16 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 	if (nft_output_json(&ctx->nft->output))
 		return do_command_list_json(ctx, cmd);
 
-	if (cmd->handle.table.name != NULL)
+	if (cmd->handle.table.name != NULL) {
 		table = table_cache_find(&ctx->nft->cache.table_cache,
 					 cmd->handle.table.name,
 					 cmd->handle.family);
+		if (!table) {
+			errno = ENOENT;
+			return -1;
+		}
+	}
+
 	switch (cmd->obj) {
 	case CMD_OBJ_TABLE:
 		if (!cmd->handle.table.name)
diff --git a/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash b/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash
new file mode 100644
index 00000000..b802430b
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash
@@ -0,0 +1,3 @@
+table inet p
+list table inet p
+delete  table inet p