path: root/tests/shell/testcases/sets
diff options
authorAnatole Denis <>2016-11-28 17:43:09 +0100
committerPablo Neira Ayuso <>2016-11-29 22:46:57 +0100
commit081f5a2a916ce5f3ccb1a9aca48028e99199498f (patch)
tree11ac073dd268d1cb764967435bcbf378af793cf6 /tests/shell/testcases/sets
parentb8404c4ba78344abe9fda92c95e69adea9131ff4 (diff)
tests: Add regression test for malformed sets
see: 5afa5a164ff1c066af1ec56d875b91562882bd50 When a malformed set is added, it was added before erroring out, causing a segfault further down when used. This tests for this case, ensuring that nftables doesn't segfault but errors correctly Signed-off-by: Anatole Denis <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'tests/shell/testcases/sets')
1 files changed, 33 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0
new file mode 100755
index 00000000..5d1a2dab
--- /dev/null
+++ b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0
@@ -0,0 +1,33 @@
+# This tests for the bug corrected in commit 5afa5a164ff1c066af1ec56d875b91562882bd50.
+# Sets were added to the table before checking for errors, and not removed from
+# the table on error, leading to an uninitialized set in the table, causing a
+# segfault for rules that tried to use it.
+# In this case, nft should error out because the set doesn't exist instead of
+# segfaulting
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+echo "
+add table t
+add chain t c
+add set t s {type ipv4_addr\;}
+add rule t c ip saddr @s
+" >$tmpfile
+$NFT -f $tmpfile
+trap - EXIT
+if [[ $ret -eq 1 ]]; then
+ exit 0
+ exit 1