diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-04-30 01:01:17 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-02 23:30:35 +0200 |
| commit | 3392883f4566030853184f261d3ec1a62a7b4c1d (patch) | |
| tree | a211c4d4850ed46afe761691e49b3337ac107fc8 | |
| parent | 56ca2432526ac14cc677b7da1262f027c7cf34be (diff) | |
rule: skip fuzzy lookup for unexisting 64-bit handle
Deletion by handle, if incorrect, should not exercise the misspell
lookup functions.
Fixes: 3a0e07106f66 ("src: combine extended netlink error reporting with mispelling support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/cmd.c | 15 | ||||
| -rwxr-xr-x | tests/shell/testcases/cache/0009_delete_by_handle_incorrect_0 | 8 |
2 files changed, 23 insertions, 0 deletions
@@ -14,6 +14,9 @@ static int nft_cmd_enoent_table(struct netlink_ctx *ctx, const struct cmd *cmd, { struct table *table; + if (!cmd->handle.table.name) + return 0; + table = table_lookup_fuzzy(&cmd->handle, &ctx->nft->cache); if (!table) return 0; @@ -30,6 +33,9 @@ static int nft_cmd_enoent_chain(struct netlink_ctx *ctx, const struct cmd *cmd, const struct table *table; struct chain *chain; + if (!cmd->handle.chain.name) + return 0; + chain = chain_lookup_fuzzy(&cmd->handle, &ctx->nft->cache, &table); if (!chain) return 0; @@ -81,6 +87,9 @@ static int nft_cmd_enoent_set(struct netlink_ctx *ctx, const struct cmd *cmd, const struct table *table; struct set *set; + if (!cmd->handle.set.name) + return 0; + set = set_lookup_fuzzy(cmd->handle.set.name, &ctx->nft->cache, &table); if (!set) return 0; @@ -100,6 +109,9 @@ static int nft_cmd_enoent_obj(struct netlink_ctx *ctx, const struct cmd *cmd, const struct table *table; struct obj *obj; + if (!cmd->handle.obj.name) + return 0; + obj = obj_lookup_fuzzy(cmd->handle.obj.name, &ctx->nft->cache, &table); if (!obj) return 0; @@ -118,6 +130,9 @@ static int nft_cmd_enoent_flowtable(struct netlink_ctx *ctx, const struct table *table; struct flowtable *ft; + if (!cmd->handle.flowtable.name) + return 0; + ft = flowtable_lookup_fuzzy(cmd->handle.flowtable.name, &ctx->nft->cache, &table); if (!ft) diff --git a/tests/shell/testcases/cache/0009_delete_by_handle_incorrect_0 b/tests/shell/testcases/cache/0009_delete_by_handle_incorrect_0 new file mode 100755 index 00000000..f0bb02a6 --- /dev/null +++ b/tests/shell/testcases/cache/0009_delete_by_handle_incorrect_0 @@ -0,0 +1,8 @@ +#!/bin/bash + +$NFT delete table handle 4000 && exit 1 +$NFT delete chain t handle 4000 && exit 1 +$NFT delete set t handle 4000 && exit 1 +$NFT delete flowtable t handle 4000 && exit 1 +$NFT delete counter t handle 4000 && exit 1 +exit 0 |