From: Florian Westphal <fw@strlen.de>
Date: Wed, 3 Feb 2021 18:42:27 +0000 (+0100)
Subject: evaluate: do not crash if dynamic set has no statements
X-Git-Tag: v0.9.9~129
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c189656148d834b17aa9d98b0b11018bc9d2465;p=thirdparty%2Fnftables.git

evaluate: do not crash if dynamic set has no statements

list_first_entry() returns garbage when the list is empty.
There is no need to run the following loop if we have no statements,
so just return 0.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 1d5db4da..ccee7e21 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1363,10 +1363,12 @@ static int __expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr *elem)
 					  "number of statements mismatch, set expects %d "
 					  "but element has %d", num_set_exprs,
 					  num_elem_exprs);
-		} else if (num_set_exprs == 0 && !(set->flags & NFT_SET_EVAL)) {
-			return expr_error(ctx->msgs, elem,
-					  "missing statements in %s definition",
-					  set_is_map(set->flags) ? "map" : "set");
+		} else if (num_set_exprs == 0) {
+			if (!(set->flags & NFT_SET_EVAL))
+				return expr_error(ctx->msgs, elem,
+						  "missing statements in %s definition",
+						  set_is_map(set->flags) ? "map" : "set");
+			return 0;
 		}
 
 		set_stmt = list_first_entry(&set->stmt_list, struct stmt, list);