author | Sergei Trofimovich <slyfox@gentoo.org> | 2019-09-16 08:33:20 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-09-16 09:52:14 +0200 |
commit | 5b37479b42b338d99d938c56d5d752145b0d9331 (patch) | |
tree | 9682c66dd5560a6f07c019327c347854019e31b7 /files/examples | |
parent | 8a079c67a95cf87f10fe7eff5f96f1f007904288 (diff) |
nftables: don't crash in 'list ruleset' if policy is not set

Minimal reproducer:
```
$ cat nft.ruleset
  # filters
  table inet filter {
      chain prerouting {
          type filter hook prerouting priority -50
      }
  }

  # dump new state
  list ruleset

$ nft -c -f ./nft.ruleset
  table inet filter {
      chain prerouting {
  Segmentation fault (core dumped)
```
The crash happens in `chain_print_declaration()`:
```
if (chain->flags & CHAIN_F_BASECHAIN) {
        mpz_export_data(&policy, chain->policy->value,
                        BYTEORDER_HOST_ENDIAN, sizeof(int));
```
Here `chain->policy` is `NULL` (as the textual rule does not mention it).
The change is not to print the policy if it's not set
(similar to `chain_evaluate()` handling).
CC: Florian Westphal <fw@strlen.de>
CC: Pablo Neira Ayuso <pablo@netfilter.org>
CC: netfilter-devel@vger.kernel.org
Bug: https://bugzilla.netfilter.org/show_bug.cgi?id=1365
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Acked-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'files/examples')
0 files changed, 0 insertions, 0 deletions
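
A simplified C model of the guard the commit message describes, added here as an illustration; it is not the nftables patch or code from the project. The `model_*` names, the struct layout, the policy values and the sample chains are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model for illustration; these are not nftables' real types. */
#define MODEL_F_BASECHAIN 0x1u
struct model_expr { int value; };        /* model values: 1 = accept, else drop */
struct model_chain {
    const char *name, *type, *hook;
    unsigned int flags;
    int priority;
    const struct model_expr *policy;     /* NULL when the ruleset names no policy */
};
/* Constructed samples: the reproducer's chain, and one with a policy set. */
static const struct model_expr sample_accept = { 1 };
static const struct model_chain sample_no_policy =
    { "prerouting", "filter", "prerouting", MODEL_F_BASECHAIN, -50, NULL };
static const struct model_chain sample_with_policy =
    { "input", "filter", "input", MODEL_F_BASECHAIN, 0, &sample_accept };

/* Render a declaration into a static buffer; NULL on bad input or truncation. */
const char *model_chain_declaration(const struct model_chain *c)
{
    static char buf[160];
    size_t used;
    int n;
    if (c == NULL || !c->name || !c->type || !c->hook)
        return NULL;
    n = snprintf(buf, sizeof(buf), "chain %s {", c->name);
    if (n < 0 || (size_t)n >= sizeof(buf))
        return NULL;
    if (!(c->flags & MODEL_F_BASECHAIN))
        return buf;
    used = (size_t)n;
    n = snprintf(buf + used, sizeof(buf) - used, " type %s hook %s priority %d;",
                 c->type, c->hook, c->priority);
    if (n < 0 || (size_t)n >= sizeof(buf) - used)
        return NULL;
    used += (size_t)n;
    if (c->policy == NULL)               /* unset optional field: skip, never dereference */
        return buf;
    n = snprintf(buf + used, sizeof(buf) - used, " policy %s;",
                 c->policy->value == 1 ? "accept" : "drop");
    return (n < 0 || (size_t)n >= sizeof(buf) - used) ? NULL : buf;
}

int main(void)
{
    puts(model_chain_declaration(&sample_no_policy));
    puts(model_chain_declaration(&sample_with_policy));
}
```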