From 46980cddddfd77f2700fcb8234641711b985cd04 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 7 Jul 2022 15:11:35 +0200
Subject: rule: crash when uncollapsing command with unexisting table or set

If ruleset update refers to an unexisting table or set, then
cmd->elem.set is NULL.

Fixes: 498a5f0c219d ("rule: collapse set element commands")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/sets/errors_0 | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'tests')

diff --git a/tests/shell/testcases/sets/errors_0 b/tests/shell/testcases/sets/errors_0
index f2da43a0..27f65df3 100755
--- a/tests/shell/testcases/sets/errors_0
+++ b/tests/shell/testcases/sets/errors_0
@@ -54,4 +54,16 @@ RULESET="table ip x {
         chain chain2 {}
 }"
 
+$NFT -f - <<< $RULESET
+if [ $? -eq 0 ]
+then
+	exit 1
+fi
+
+RULESET="add set inet filter myset { type ipv4_addr; flags interval; auto-merge }
+add element inet filter myset { 192.168.0.0/24 }
+add element inet filter myset { 192.168.0.2 }
+add element inet filter myset { 192.168.1.0/24 }
+add element inet filter myset { 192.168.1.100 }"
+
 $NFT -f - <<< $RULESET || exit 0
-- 
cgit v1.2.3