Since nft_arp_rule_to_cs() may not set cs->jumpto, later call to strcmp() may be passed a NULL pointer. Therefore check if the pointer is valid before doing so. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft-arp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index b8e8982653bb3..a2109c608670d 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -661,7 +661,7 @@ static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r, if (!compare_targets(cs->target, this.target)) return false; - if (strcmp(cs->jumpto, this.jumpto) != 0) + if (this.jumpto && strcmp(cs->jumpto, this.jumpto) != 0) return false; return true; -- 2.18.0
