From 3503738f77cdbe521da1054a37f59ac2e442b4cf Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 6 Jun 2016 21:52:28 +0200
Subject: payload: don't update protocol context if we can't find a description

Since commit
20b1131c07acd2fc ("payload: fix stacked headers protocol context tracking")
we deref null pointer if we can't find a description for the desired
protocol, so "ip protocol 254" crashes while testing protocols 6 or 17
(tcp, udp) works.

Also add a test case for this.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1072
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/py/ip/ip.t.payload | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'tests/py/ip/ip.t.payload')

diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload
index 3bd3358f..15cc5904 100644
--- a/tests/py/ip/ip.t.payload
+++ b/tests/py/ip/ip.t.payload
@@ -204,6 +204,11 @@ ip test-ip4 input
   [ lookup reg 1 set __set%d ]
   [ immediate reg 0 accept ]
 
+# ip protocol 255
+ip test-ip4 input
+  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ cmp eq reg 1 0x000000ff ]
+
 # ip checksum 13172 drop
 ip test-ip4 input
   [ payload load 2b @ network header + 10 => reg 1 ]
-- 
cgit v1.2.3