author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2016-05-11 13:30:02 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-13 11:34:42 +0200 |
commit | 5afa5a164ff1c066af1ec56d875b91562882bd50 (patch) | |
tree | 8f37f01649b701ea3205be6e1ebf32ac8e456949 /include/netlink.h | |
parent | d4fdbaf84456b0a249cdea288139f92d045ac7dd (diff) |
evaluate: check for NULL datatype in rhs in lookup expr

If we are evaluating an EXPR_SET_REF, check if right->dtype is not NULL.
We can hit SEGFAULT if for whatever reason the referenced object does not
exist.

Using this testfile (note the invalid set syntax):

    % cat test.nft
    flush ruleset
    add table t
    add chain t c
    add set t s {type ipv4_addr\;}
    add rule t c ip saddr @s

Without this patch:

    % nft -f test.nft
    Segmentation fault

With this patch:

    % nft -f test.nft
    t.nft:4:28-28: Error: syntax error, unexpected junk, expecting newline or semicolon
    add set t s {type ipv4_addr\;}
                               ^
    t.nft:4:13-29: Error: set definition does not specify key data type
    add set t s {type ipv4_addr\;}
                ^^^^^^^^^^^^^^^^^
    t.nft:5:23-24: Error: the referenced set does not exist
    add rule t c ip saddr @s
                 ~~~~~~~~ ^^

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/netlink.h')
0 files changed, 0 insertions, 0 deletions
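
The failure mode in the commit message, as an added example that is not nftables code and not part of this commit: a rejected set definition is never registered, so a later `@s` reference in the same batch resolves with no datatype, and the lookup evaluation has to test for that before comparing types. All struct, enum and function names below are hypothetical simplifications.

```c
#include <stddef.h>
#include <string.h>

/* Simplified, hypothetical model; these are not nftables' real structures. */
struct datatype { const char *name; };
struct set      { const char *name; const struct datatype *keytype; };
struct expr     { const char *ident; const struct datatype *dtype; };
enum eval_status { EVAL_OK, EVAL_ERR_NO_SET, EVAL_ERR_TYPE_MISMATCH };

const struct datatype ipv4_addr    = { "ipv4_addr" };
const struct datatype inet_service = { "inet_service" };

/* Resolve "@name". A set whose definition was rejected earlier in the batch
 * is never registered, so the reference keeps dtype == NULL. */
struct expr resolve_set_ref(const struct set *sets, size_t n,
                            const char *name)
{
    struct expr ref = { name, NULL };
    for (size_t i = 0; i < n; i++)
        if (strcmp(sets[i].name, name) == 0)
            ref.dtype = sets[i].keytype;
    return ref;
}

/* Evaluate "left @set". The NULL test must come before any use of
 * right->dtype; without it the comparison below dereferences NULL. */
enum eval_status eval_lookup(const struct expr *left, const struct expr *right)
{
    if (right->dtype == NULL)
        return EVAL_ERR_NO_SET;   /* "the referenced set does not exist" */
    if (strcmp(left->dtype->name, right->dtype->name) != 0)
        return EVAL_ERR_TYPE_MISMATCH;
    return EVAL_OK;
}

/* Constructed scenario: check one lookup rule against a given set table. */
enum eval_status check_rule(const struct set *sets, size_t n,
                            const struct datatype *left_type,
                            const char *set_name)
{
    struct expr left  = { "ip saddr", left_type };
    struct expr right = resolve_set_ref(sets, n, set_name);
    return eval_lookup(&left, &right);
}

int main(void)
{
    /* Set "s" was rejected, so the table is empty when the rule is checked. */
    return check_rule(NULL, 0, &ipv4_addr, "s") == EVAL_ERR_NO_SET ? 0 : 1;
}
```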