If nft sets an invalid type, nftnl_obj_ops_lookup will return NULL. In this case we must not set NFTNL_OBJ_TYPE flag, else we later get crash in nftnl_obj_nlmsg_build_payload as it dereferences obj->ops.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/object.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/object.c b/src/object.c
index 9594d2f99071..62fa48afa2a1 100644
--- a/src/object.c
+++ b/src/object.c
@@ -83,6 +83,8 @@ void nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
 break;
 case NFTNL_OBJ_TYPE:
 obj->ops = nftnl_obj_ops_lookup(*((uint32_t *)data));
+ if (!obj->ops)
+ return;
 break;
 case NFTNL_OBJ_FAMILY:
 obj->family = *((uint32_t *)data);
@@ -250,7 +252,8 @@ int nftnl_obj_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_obj *obj)
 uint32_t type = ntohl(mnl_attr_get_u32(tb[NFTA_OBJ_TYPE]));
 obj->ops = nftnl_obj_ops_lookup(type);
- obj->flags |= (1 << NFTNL_OBJ_TYPE);
+ if (obj->ops)
+ obj->flags |= (1 << NFTNL_OBJ_TYPE);
 }
 if (tb[NFTA_OBJ_DATA]) {
 if (obj->ops) {
--
2.10.2
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
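Review bot: In the `NFTNL_OBJ_TYPE` case of nftnl_obj_set_data, `obj->ops` is overwritten with the lookup result before the NULL check. An object that already carried a valid type, and presumably the `NFTNL_OBJ_TYPE` flag (set after the switch, outside this hunk), is therefore left with `ops == NULL` and the flag still set, which is the state the commit is meant to rule out. Looking up into a local and assigning only on success avoids this: `ops = nftnl_obj_ops_lookup(*((uint32_t *)data));`, `if (!ops) return;`, `obj->ops = ops;`. The second hunk, in nftnl_obj_nlmsg_parse, has the same ordering and would need the flag cleared when the lookup fails on a reused object. Since this setter returns void and the caller cannot see the rejection, a NULL check on `obj->ops` in nftnl_obj_nlmsg_build_payload would still be a useful backstop.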
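Review bot: In nftnl_obj_nlmsg_parse, an unrecognised `NFTA_OBJ_TYPE` value is now dropped silently. With `obj->ops` NULL the `NFTA_OBJ_DATA` branch that follows is skipped as well, so as far as the hunk shows the caller gets an object with neither type nor data and no error. If accepting unknown types is intentional, a comment above the new check would record why, for example `/* unknown type: leave NFTNL_OBJ_TYPE unset, build_payload dereferences obj->ops */`. The function body continues outside the hunk, so whether a later path reports the condition cannot be confirmed from here.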