From 09c573053ff03ad0a2eeb12c2957881648062f50 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Thu, 30 Nov 2023 21:29:52 +0100
Subject: evaluate: reject sets with no key

nft --check -f tests/shell/testcases/bogons/nft-f/set_without_key
Segmentation fault (core dumped)

Fixes: 56c90a2dd2eb ("evaluate: expand sets and maps before evaluation")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/evaluate.c                                     | 3 +++
 tests/shell/testcases/bogons/nft-f/map_without_key | 5 +++++
 tests/shell/testcases/bogons/nft-f/set_without_key | 5 +++++
 3 files changed, 13 insertions(+)
 create mode 100644 tests/shell/testcases/bogons/nft-f/map_without_key
 create mode 100644 tests/shell/testcases/bogons/nft-f/set_without_key

diff --git a/src/evaluate.c b/src/evaluate.c
index 2ead0347..048880e5 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4621,6 +4621,9 @@ static int elems_evaluate(struct eval_ctx *ctx, struct set *set)
 {
 	ctx->set = set;
 	if (set->init != NULL) {
+		if (set->key == NULL)
+			return set_error(ctx, set, "set definition does not specify key");
+
 		__expr_set_context(&ctx->ectx, set->key->dtype,
 				   set->key->byteorder, set->key->len, 0);
 		if (expr_evaluate(ctx, &set->init) < 0)
diff --git a/tests/shell/testcases/bogons/nft-f/map_without_key b/tests/shell/testcases/bogons/nft-f/map_without_key
new file mode 100644
index 00000000..78f16b23
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/map_without_key
@@ -0,0 +1,5 @@
+table t {
+	map m {
+		elements = { 0x00000023 : 0x00001337 }
+	}
+}
diff --git a/tests/shell/testcases/bogons/nft-f/set_without_key b/tests/shell/testcases/bogons/nft-f/set_without_key
new file mode 100644
index 00000000..f194afbf
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/set_without_key
@@ -0,0 +1,5 @@
+table ip t {
+	set s {
+		elements = { 0x00000023-0x00000142, 0x00001337 }
+	}
+}
-- 
cgit v1.2.3