netlink: check key is EXPR_CONCAT before accessing field

alloc_nftnl_setelem() needs to check for EXPR_CONCAT before accessing
field_count.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink.c b/src/netlink.c
index b6d34832173971d90585d8efad8b985ec9484c08..ac73e96f9d244082360a1b41d225bfa9d769cf1c 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -135,7 +135,8 @@ struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set,
        default:
                __netlink_gen_data(key, &nld, false);
                nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_KEY, &nld.value, nld.len);
-               if (set->set_flags & NFT_SET_INTERVAL && key->field_count > 1) {
+               if (set->set_flags & NFT_SET_INTERVAL &&
+                   key->etype == EXPR_CONCAT && key->field_count > 1) {
                        key->flags |= EXPR_F_INTERVAL_END;
                        __netlink_gen_data(key, &nld, false);
                        key->flags &= ~EXPR_F_INTERVAL_END;