From: Florian Westphal <fw@strlen.de>
Date: Tue, 29 May 2018 20:29:50 +0000 (+0200)
Subject: xtables-compat: skip invalid tables
X-Git-Tag: v1.8.0~32
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e6427abc0221a5e7ed3f943cbf05acb8682c721;p=thirdparty%2Fiptables.git

xtables-compat: skip invalid tables

in bridge and arp families, some tables such as security do not exist,
so name is NULL. skip them, else we segfault in strcmp.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/iptables/nft.c b/iptables/nft.c
index 424c9119..08cbdc86 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2959,7 +2959,7 @@ static int nft_is_chain_compatible(const struct nft_handle *h,
 		cur_table = h->tables[i].name;
 		chains = h->tables[i].chains;
 
-		if (strcmp(table, cur_table) != 0)
+		if (!cur_table || strcmp(table, cur_table) != 0)
 			continue;
 
 		for (j = 0; j < NF_INET_NUMHOOKS && chains[j].name; j++) {
@@ -3017,6 +3017,8 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename)
 	int ret = 0, i;
 
 	for (i = 0; i < TABLES_MAX; i++) {
+		if (!h->tables[i].name)
+			continue;
 		if (strcmp(h->tables[i].name, tablename) == 0)
 			break;
 	}