tcpopt: bogus assertion on undefined options

 # nft add rule x y tcp option 6 exists
 # nft list ruleset
 nft: tcpopt.c:208: tcpopt_init_raw: Assertion `expr->exthdr.desc != NULL' failed.
 Aborted

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1557
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/tcpopt.c b/src/tcpopt.c
index 05b5ee6e3a0be6fa5ba755f230ab9cec52aaa153..53fe9bc860a8dcbc22d63950a8adc6c6f5b59212 100644 (file)
--- a/src/tcpopt.c
+++ b/src/tcpopt.c
@@ -200,7 +200,8 @@ void tcpopt_init_raw(struct expr *expr, uint8_t type, unsigned int off,
        else
                datatype_set(expr, &integer_type);
 
-       if (type >= array_size(tcpopt_protocols))
+       if (type >= array_size(tcpopt_protocols) ||
+           !tcpopt_protocols[type])
                return;
 
        expr->exthdr.desc = tcpopt_protocols[type];

diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t
index f17a20b59492682bd0b5425c482220e0cf5a4d6e..bcc64eac2e2189d1bbb8a6efa1719927029dafab 100644 (file)
--- a/tests/py/any/tcpopt.t
+++ b/tests/py/any/tcpopt.t
@@ -31,6 +31,7 @@ tcp option timestamp length 1;ok
 tcp option timestamp tsval 1;ok
 tcp option timestamp tsecr 1;ok
 tcp option 255 missing;ok
+tcp option 6 exists;ok
 tcp option @255,8,8 255;ok
 
 tcp option foobar;fail

diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json
index 139e97d8f0432c35607e4adf63d28c41cae90e48..a45b4c8b5c586016e6d02ff7aaf87a487c5dcb6b 100644 (file)
--- a/tests/py/any/tcpopt.t.json
+++ b/tests/py/any/tcpopt.t.json
@@ -414,6 +414,23 @@
     }
 ]
 
+# tcp option 6 exists
+[
+    {
+        "match": {
+            "left": {
+                "tcp option": {
+                    "base": 6,
+                    "len": 8,
+                    "offset": 0
+                }
+            },
+            "op": "==",
+            "right": true
+        }
+    }
+]
+
 # tcp option 255 missing
 [
     {

diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload
index 1005df32ab33c1f614412b680ed7d8991eb426ca..51f3a75276685b529fed031b90f900850f784701 100644 (file)
--- a/tests/py/any/tcpopt.t.payload
+++ b/tests/py/any/tcpopt.t.payload
@@ -133,6 +133,11 @@ inet
   [ exthdr load tcpopt 1b @ 255 + 0 present => reg 1 ]
   [ cmp eq reg 1 0x00000000 ]
 
+# tcp option 6 exists
+inet
+  [ exthdr load tcpopt 1b @ 6 + 0 present => reg 1 ]
+  [ cmp eq reg 1 0x00000001 ]
+
 # tcp option @255,8,8 255
 inet
   [ exthdr load tcpopt 1b @ 255 + 1 => reg 1 ]