From f01940d69e2a4d8e9e151da8d4d39f78d08528cf Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 26 Mar 2019 13:09:21 +0100
Subject: evaluate: skip binary transfer for named sets

Set may be empty, content might be yet unknown, we cannot do any
transfer in this case.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1327
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/evaluate.c b/src/evaluate.c
index 54afc334..94377da9 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1606,6 +1606,9 @@ static int __binop_transfer(struct eval_ctx *ctx,
 		}
 		break;
 	case EXPR_SET_REF:
+		if (!((*right)->set->flags & NFT_SET_ANONYMOUS))
+			return 0;
+
 		return __binop_transfer(ctx, left, &(*right)->set->init);
 	default:
 		return 0;
-- 
cgit v1.2.3