From 081f5a2a916ce5f3ccb1a9aca48028e99199498f Mon Sep 17 00:00:00 2001
From: Anatole Denis
Date: Mon, 28 Nov 2016 17:43:09 +0100
Subject: tests: Add regression test for malformed sets
see: 5afa5a164ff1c066af1ec56d875b91562882bd50
When a malformed set is added, it was added before erroring out, causing a segfault further down when used. This tests for this case, ensuring that nftables doesn't segfault but errors correctly
Signed-off-by: Anatole Denis
Signed-off-by: Pablo Neira Ayuso
---
.../sets/0014malformed_set_is_not_defined_0 | 33 ++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100755 tests/shell/testcases/sets/0014malformed_set_is_not_defined_0
(limited to 'tests')
diff --git a/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0
new file mode 100755
index 00000000..5d1a2dab
--- /dev/null
+++ b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# This tests for the bug corrected in commit 5afa5a164ff1c066af1ec56d875b91562882bd50.
+# Sets were added to the table before checking for errors, and not removed from
+# the table on error, leading to an uninitialized set in the table, causing a
+# segfault for rules that tried to use it.
+# In this case, nft should error out because the set doesn't exist instead of
+# segfaulting
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+echo "
+add table t
+add chain t c
+add set t s {type ipv4_addr\;}
+add rule t c ip saddr @s
+" >$tmpfile
+
+$NFT -f $tmpfile
+ret=$?
+
+trap - EXIT
+if [[ $ret -eq 1 ]]; then
+ exit 0
+else
+ exit 1
+fi
-- cgit v1.2.3
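Review bot: The temp-file guard `[ ! -w $tmpfile ]` cannot catch a failed `mktemp`: with `$tmpfile` empty and unquoted the test collapses to `[ ! -w ]`, which evaluates false, so the script carries on and `$NFT -f` runs without a ruleset file. Where the branch is taken it ends in `exit 0`, so a run that never exercised nft would be reported as a pass if the harness reads 0 as success (the `_0` suffix suggests it does). For a regression test guarding a segfault that silent pass matters; quote the expansion and fail instead, i.e. `if [ ! -w "$tmpfile" ] ; then` with `exit 1` in the body, and `$NFT -f "$tmpfile"` further down. The final check accepts only exit status 1, so a crash is still reported as a failure, but any unrelated nft error that returns 1 would also pass; a one-line comment such as `# 1 = nft rejected the ruleset; a segfault yields a different status` would make that assumption explicit.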