cache: don't crash when filter is NULL

a delete request will cause a crash in obj_cache_dump, move the deref
into the filter block.

Fixes: dbff26bfba83 ("cache: consolidate reset command")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/cache.c b/src/cache.c
index b75a5bf3283cf7bdb7db13fcf50566b49724a74c..c0d96bd14a800060b86e797f7cfc606efe4faf29 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -902,6 +902,7 @@ static struct nftnl_obj_list *obj_cache_dump(struct netlink_ctx *ctx,
        int family = NFPROTO_UNSPEC;
        const char *table = NULL;
        const char *obj = NULL;
+       bool reset = false;
        bool dump = true;
 
        if (filter) {
@@ -914,9 +915,10 @@ static struct nftnl_obj_list *obj_cache_dump(struct netlink_ctx *ctx,
                }
                if (filter->list.obj_type)
                        type = filter->list.obj_type;
+
+               reset = filter->reset.obj;
        }
-       obj_list = mnl_nft_obj_dump(ctx, family, table, obj, type, dump,
-                                   filter->reset.obj);
+       obj_list = mnl_nft_obj_dump(ctx, family, table, obj, type, dump, reset);
        if (!obj_list) {
                 if (errno == EINTR)
                        return NULL;

diff --git a/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash b/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash
new file mode 100644 (file)
index 0000000..c369dec
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash
@@ -0,0 +1 @@
+delete quota a b