]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8a66de2) | patch
rule: fix sym refcount assertion
authorFlorian Westphal <fw@strlen.de>
Mon, 15 Jan 2024 13:27:15 +0000 (14:27 +0100)
committerFlorian Westphal <fw@strlen.de>
Mon, 15 Jan 2024 17:21:41 +0000 (18:21 +0100)
commitb73298405cda74b3a87a1818bb92f53298d34170
tree0e43557cdb9c02265d24a1e2c657dbae87921806tree | snapshot
parent8a66de2a15943b2fbf960967cdbcbd0a148cb114commit | diff
rule: fix sym refcount assertion

Scope release must happen last.
afl provided a reproducer where policy is a define, because
scope is released too early we get:
nft: src/rule.c:559: scope_release: Assertion `sym->refcnt == 1' failed.

... because chain->policy is EXPR_SYMBOL.

Fixes: 627c451b2351 ("src: allow variables in the chain priority specification")
Signed-off-by: Florian Westphal <fw@strlen.de>
src/rule.c diff | blob | blame | history
tests/shell/testcases/bogons/nft-f/define_policy_assert [new file with mode: 0644] blob
Mirror of git://git.netfilter.org/nftables