Fix regression introduced by commit 87c2a2205:
netlink_delinearize: clone on netlink_get_register(), release previous on _set()
When using a non-verdict mapping, the set ref expression is assigned to the
destination register. The next get_register() will attempt to clone it and
crash because of the missing ->clone() callback.
# nft filter input meta mark set ip daddr map { 192.168.0.1 : 123 }
# nft list table filter
Segmentation fault (core dumped)
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
src/expression.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/expression.c b/src/expression.c
index 8ba2e8a..5b848da 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -858,6 +858,11 @@ static void set_ref_expr_print(const struct expr *expr)
printf("@%s", expr->set->handle.set);
}
+static void set_ref_expr_clone(struct expr *new, const struct expr *expr)
+{
+ new->set = set_get(expr->set);
+}
+
static void set_ref_expr_destroy(struct expr *expr)
{
set_free(expr->set);
@@ -867,6 +872,7 @@ static const struct expr_ops set_ref_expr_ops = {
.type = EXPR_SET_REF,
.name = "set reference",
.print = set_ref_expr_print,
+ .clone = set_ref_expr_clone,
.destroy = set_ref_expr_destroy,
};
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
