flowtable: Make parsing a little more robust

It was surprisingly easy to crash nft with invalid syntax in 'add flowtable' command. Catch at least three possible ways (illustrated in provided test case) by making evaluation phase survive so that bison gets a chance to complain. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2018-03-19 18:02:05 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-20 13:07:39 +0100
commit: 4be0a3f922a2944a941316fad76a717cd46691bd (patch)
tree: cceb7cad3d8ed92d580891b9d411d23fc8077b9d /tests/shell/testcases
parent: a55d79aa68266c790f3767ba240c3bdee247d511 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/shell/testcases/flowtable/0006segfault_0 b/tests/shell/testcases/flowtable/0006segfault_0
new file mode 100755
index 00000000..de590b77
--- /dev/null
+++ b/tests/shell/testcases/flowtable/0006segfault_0
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Make sure nft does not segfault when given invalid syntax in 'add flowtable' commands.
+
+$NFT add table ip t
+
+$NFT add flowtable ip t f { hook ingress priority 10\; devices = { lo } }
+[[ $? -eq 1 ]] || exit 1
+
+$NFT add flowtable ip t f { hook ingress\; priority 10\; }
+[[ $? -eq 1 ]] || exit 1
+
+$NFT add flowtable ip t f { hook ingress priority 10\; }
+[[ $? -eq 1 ]] || exit 1
author	Phil Sutter <phil@nwl.cc>	2018-03-19 18:02:05 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-03-20 13:07:39 +0100
commit	4be0a3f922a2944a941316fad76a717cd46691bd (patch)
tree	cceb7cad3d8ed92d580891b9d411d23fc8077b9d /tests/shell/testcases
parent	a55d79aa68266c790f3767ba240c3bdee247d511 (diff)