On 13 May 2016 at 11:38, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Wed, May 11, 2016 at 01:30:02PM +0200, Arturo Borrero Gonzalez wrote:
>> If we are evaluating an EXPR_SET_REF, check if right->dtype is not NULL.
>> We can hit SEGFAULT if for whatever reason the referenced object does not
>> exist.
>>
>> Using this testfile (note the invalid set syntax):
>>
>> % cat test.nft
>> flush ruleset
>> add table t
>> add chain t c
>> add set t s {type ipv4_addr\;}
>> add rule t c ip saddr @s
>>
>> Without this patch:
>>
>> % nft -f test.nft
>> Segmentation fault
>>
>> With this patch:
>>
>> % nft -f test.nft
>> t.nft:4:28-28: Error: syntax error, unexpected junk, expecting newline or semicolon
>> add set t s {type ipv4_addr\;}
>>                            ^
>> t.nft:4:13-29: Error: set definition does not specify key data type
>> add set t s {type ipv4_addr\;}
>>             ^^^^^^^^^^^^^^^^^
>> t.nft:5:23-24: Error: the referenced object does not exists
>
> I have reworded this to: "the referenced set does not exist"
>

Ok, I used the generic word 'object' because this could apply to maps as well.

>> add rule t c ip saddr @s
>>              ~~~~~~~~ ^^
>
> Applied, thanks Arturo.

thanks
-- 
Arturo Borrero González
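The guard described in the commit message above, sketched as an added example (not the patch and not nftables code): a set reference whose set definition failed carries no datatype, so the evaluator must reject it before reading through `right->dtype`. All types, function names and return codes here are hypothetical simplifications; only the error string comes from the thread.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified types for illustration; not the nftables definitions. */
enum expr_type { EXPR_PAYLOAD, EXPR_SET_REF };
struct datatype { const char *name; };
struct expr {
    enum expr_type type;
    const struct datatype *dtype; /* NULL if the referenced set was never defined */
};

enum { EVAL_OK = 0, EVAL_NO_SET = -1, EVAL_MISMATCH = -2 };

static char eval_error[128]; /* last error message, empty on success */

/* Evaluate a lookup such as "ip saddr @s": left is the key, right the set reference. */
int eval_lookup(const struct expr *left, const struct expr *right)
{
    eval_error[0] = '\0';
    /* Guard first: everything below reads through right->dtype. */
    if (right->type == EXPR_SET_REF && right->dtype == NULL) {
        snprintf(eval_error, sizeof(eval_error), "the referenced set does not exist");
        return EVAL_NO_SET;
    }
    if (strcmp(left->dtype->name, right->dtype->name) != 0) {
        snprintf(eval_error, sizeof(eval_error), "datatype mismatch: key is %s, set holds %s",
                 left->dtype->name, right->dtype->name);
        return EVAL_MISMATCH;
    }
    return EVAL_OK;
}

/* Constructed sample datatypes. */
static const struct datatype ipv4_addr = { "ipv4_addr" };
static const struct datatype inet_service = { "inet_service" };

/* Constructed case: "ip saddr @s", set s has key type set_key (NULL = definition failed). */
int lookup_saddr_in_set(const struct datatype *set_key)
{
    struct expr saddr = { EXPR_PAYLOAD, &ipv4_addr };
    struct expr ref = { EXPR_SET_REF, set_key };
    return eval_lookup(&saddr, &ref);
}

int main(void)
{
    printf("%d %s\n", lookup_saddr_in_set(NULL), eval_error);
    printf("%d %s\n", lookup_saddr_in_set(&inet_service), eval_error);
    printf("%d\n", lookup_saddr_in_set(&ipv4_addr));
    return 0;
}
```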