[PATCH 6/5] netfilter: nft_dynset: make sure expr extension exists before using it

[Patrick McHardy <kaber@xxxxxxxxx>]

This patch fixes a bug in patch 5/5 (netfilter: nft_dynset: dynamic
stateful expression instantiation), we need to make sure the expr
extension exists without using it to avoid a crash with normal
set updates.

If possible, please simply fold it into 5/5.

Thanks!

commit 6609a3aad8ad8c1e60a4b757d626aeb69fae8066
Author: Patrick McHardy <kaber@xxxxxxxxx>
Date:   Sun Apr 12 21:24:31 2015 +0100

    netfilter: nft_dynset: make sure expr extension exists before using it
    
    Fix a crash when using dynset without an expression.
    
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 311e21c..513a8ef 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -68,7 +68,9 @@ static void nft_dynset_eval(const struct nft_expr *expr,
 
 	if (set->ops->update(set, &regs->data[priv->sreg_key], nft_dynset_new,
 			     expr, regs, &ext)) {
-		sexpr = nft_set_ext_expr(ext);
+		sexpr = NULL;
+		if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPR))
+			sexpr = nft_set_ext_expr(ext);
 
 		if (priv->op == NFT_DYNSET_OP_UPDATE &&
 		    nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) {
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html