diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-24 15:14:22 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-24 15:23:44 +0200 |
commit | a320531e78f1bcb12b24da048f34592771392a9a (patch) | |
tree | 04e0e63205e6aea50035492dce7afa7347faa2ac /src | |
parent | df84fdeb32c7a76388dd456a835b5f29e0c9caa1 (diff) |
datatype: fix crash if wrong integer type is passed
Eric Leblond reported that this command:
nft add rule ip6 filter input position 4 meta protocol icmpv6 accept
crashes nft. The problem is that 'icmpv6' is wrong there, as
meta protocol is expecting an ethernet protocol, that can be
expressed as an hexadecimal.
Now this command displays the following error:
<cmdline>:1:52-57: Error: This is not a valid Ethernet protocol
add rule ip6 filter input position 4 meta protocol icmpv6 accept
^^^^^^
This closes bugzilla #834:
https://bugzilla.netfilter.org/show_bug.cgi?id=834
Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/datatype.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/datatype.c b/src/datatype.c index 62539957..55368eed 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -229,8 +229,10 @@ static struct error_record *integer_type_parse(const struct expr *sym, if (gmp_sscanf(sym->identifier, "%Zu%n", v, &len) != 1 || (int)strlen(sym->identifier) != len) { mpz_clear(v); - if (sym->dtype != &integer_type) - return NULL; + if (sym->dtype != &integer_type) { + return error(&sym->location, "This is not a valid %s", + sym->dtype->desc); + } return error(&sym->location, "Could not parse %s", sym->dtype->desc); } |