author | Phil Sutter <phil@nwl.cc> | 2018-03-19 18:02:05 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-20 13:07:39 +0100 |
commit | 4be0a3f922a2944a941316fad76a717cd46691bd | |
tree | cceb7cad3d8ed92d580891b9d411d23fc8077b9d /tests/shell | |
parent | a55d79aa68266c790f3767ba240c3bdee247d511 | |

flowtable: Make parsing a little more robust

It was surprisingly easy to crash nft with invalid syntax in 'add
flowtable' command. Catch at least three possible ways (illustrated in
provided test case) by making evaluation phase survive so that bison
gets a chance to complain.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'tests/shell')
-rwxr-xr-x | tests/shell/testcases/flowtable/0006segfault_0 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/shell/testcases/flowtable/0006segfault_0 b/tests/shell/testcases/flowtable/0006segfault_0 new file mode 100755 index 00000000..de590b77 --- /dev/null +++ b/tests/shell/testcases/flowtable/0006segfault_0 @@ -0,0 +1,14 @@ +#!/bin/bash + +# Make sure nft does not segfault when given invalid syntax in 'add flowtable' commands. + +$NFT add table ip t + +$NFT add flowtable ip t f { hook ingress priority 10\; devices = { lo } } +[[ $? -eq 1 ]] || exit 1 + +$NFT add flowtable ip t f { hook ingress\; priority 10\; } +[[ $? -eq 1 ]] || exit 1 + +$NFT add flowtable ip t f { hook ingress priority 10\; } +[[ $? -eq 1 ]] || exit 1 |
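
Review bot: The setup command `$NFT add table ip t` at the top of the new test runs without a status check, so if it fails, the three `[[ $? -eq 1 ]] || exit 1` assertions can still pass on an error that has nothing to do with flowtable parsing. Consider `$NFT add table ip t || exit 1` so that a broken setup fails the test instead of being masked. Checking for exactly 1 rather than any non-zero status is the right choice here, since a segfault under bash would surface as 139 (128 + SIGSEGV) and be caught. It would also help to put a one-line comment above each of the three `add flowtable` commands naming what is malformed in it, because the commit message refers to three distinct ways to crash and the test does not say which command covers which. Only the tests/shell part of the commit is shown on this page, so the evaluation-side change is outside the scope of this comment.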