netlink: Avoid potential NULL-ptr deref parsing set elem expressions
authorPhil Sutter <phil@nwl.cc>
Fri, 16 May 2025 18:08:05 +0000 (20:08 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 13 Aug 2025 17:17:04 +0000 (19:17 +0200)
commit 89645d04106d45d5e23b6d5206777dad1fb3e6bf upstream.

Since netlink_parse_set_expr() may return NULL, the following deref must
be guarded.

Fixes: e6d1d0d611958 ("src: add set element multi-statement support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
src/netlink.c

index ad66e6982e278f4acea0f31a7062c558f6284df9..e5a04d33d56e4d3411b94dd16e2c97173e86fd99 100644 (file)
@@ -962,7 +962,8 @@ static int set_elem_parse_expressions(struct nftnl_expr *e, void *data)
        struct stmt *stmt;
 
        stmt = netlink_parse_set_expr(set, cache, e);
-       list_add_tail(&stmt->list, &setelem_parse_ctx->stmt_list);
+       if (stmt)
+               list_add_tail(&stmt->list, &setelem_parse_ctx->stmt_list);
 
        return 0;
 }
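Review bot: When `netlink_parse_set_expr()` returns NULL, the new `if (stmt)` guard skips the statement and the callback still returns 0, so the caller cannot tell a failed parse from an element that has no statement. If the helper does not report the failure itself (not visible here), a ruleset listing could omit per-element statements that the kernel still enforces, giving the operator an incomplete view of the active policy. Consider propagating the failure with `if (!stmt) return -1;` before the `list_add_tail()` call, provided the iterator driving this callback treats a negative return as an error. Otherwise, document the choice above the guard, e.g. `/* parse failure already reported by netlink_parse_set_expr(); skip this statement */`. The start of `set_elem_parse_expressions()` lies outside the hunk, so how `set`, `cache` and `setelem_parse_ctx` are derived from `data` could not be checked.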