If we use tcp reset with a network protocol that it's not supported, we send an error message. In that case reject.expr is NULL and we have a crash. Therefore we have to use the stmt to indicate that the error comes from the reject. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@xxxxxxxxx> --- src/evaluate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/evaluate.c b/src/evaluate.c index 3eeb614..00e55b7 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1277,7 +1277,7 @@ static int stmt_evaluate_reject_bridge_family(struct eval_ctx *ctx, case __constant_htons(ETH_P_IPV6): break; default: - return stmt_binary_error(ctx, stmt->reject.expr, + return stmt_binary_error(ctx, stmt, &ctx->pctx.protocol[PROTO_BASE_NETWORK_HDR], "cannot reject this ether type"); } -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
