summaryrefslogtreecommitdiffstats
path: root/src/evaluate.c
diff options
context:
space:
mode:
authorLiping Zhang <liping.zhang@spreadtrum.com>2016-05-14 20:43:35 +0800
committerFlorian Westphal <fw@strlen.de>2016-05-14 22:03:22 +0200
commitd4b86b6bfdf979a13c7cf4231bb4ec1d0c04d6a3 (patch)
tree5eebb6a7a2c0400a529bf441396a10f471c473e9 /src/evaluate.c
parent4caf82919d3c8e85a0ebc6028229bea58a6268ba (diff)
evaluate: fix crash if we add an error format rule
If we add a such nft rule: nft add rule filter input ip protocol icmp tcp dport 0 we will always meet the assert condition: nft: evaluate.c:536: resolve_protocol_conflict: Assertion `base < (__PROTO_BASE_MAX - 1)' failed. Aborted (core dumped) Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r--src/evaluate.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 53f19b29..c317761f 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -533,7 +533,7 @@ static int resolve_protocol_conflict(struct eval_ctx *ctx,
list_add_tail(&nstmt->list, &ctx->stmt->list);
}
- assert(base < PROTO_BASE_MAX);
+ assert(base <= PROTO_BASE_MAX);
/* This payload and the existing context don't match, conflict. */
if (ctx->pctx.protocol[base + 1].desc != NULL)
return 1;