From 0c189656148d834b17aa9d98b0b11018bc9d2465 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 3 Feb 2021 19:42:27 +0100
Subject: evaluate: do not crash if dynamic set has no statements

list_first_entry() returns garbage when the list is empty.
There is no need to run the following loop if we have no statements,
so just return 0.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/evaluate.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'src/evaluate.c')

diff --git a/src/evaluate.c b/src/evaluate.c
index 1d5db4da..ccee7e21 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1363,10 +1363,12 @@ static int __expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr *elem)
 					  "number of statements mismatch, set expects %d "
 					  "but element has %d", num_set_exprs,
 					  num_elem_exprs);
-		} else if (num_set_exprs == 0 && !(set->flags & NFT_SET_EVAL)) {
-			return expr_error(ctx->msgs, elem,
-					  "missing statements in %s definition",
-					  set_is_map(set->flags) ? "map" : "set");
+		} else if (num_set_exprs == 0) {
+			if (!(set->flags & NFT_SET_EVAL))
+				return expr_error(ctx->msgs, elem,
+						  "missing statements in %s definition",
+						  set_is_map(set->flags) ? "map" : "set");
+			return 0;
 		}
 
 		set_stmt = list_first_entry(&set->stmt_list, struct stmt, list);
-- 
cgit v1.2.3