rule: skip CMD_OBJ_SETELEMS with no elements after set flush

Set declaration + set flush results in a crash because CMD_OBJ_SETELEMS
does not expect no elements. This internal command only shows up if set
contains elements, however, evaluation flushes set content after the set
expansion. Skip this command CMD_OBJ_SETELEMS if set is empty.

Fixes: d3c8051cb767 ("rule: rework CMD_OBJ_SETELEMS logic")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/rule.c b/src/rule.c
index bb6f62c8ab7357180b2a16ad968a4aa64e6b3743..8f8b77f1e8836e3f3c156be006ac5a0e25780c27 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1499,6 +1499,9 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd,
 {
        struct set *set = cmd->set;
 
 {
        struct set *set = cmd->set;
 

+       if (!set->init)
+               return 0;
+

        return __do_add_elements(ctx, cmd, set, set->init, flags);
 }
 
        return __do_add_elements(ctx, cmd, set, set->init, flags);
 }