From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 8 Jul 2025 22:21:49 +0000 (+0200)
Subject: evaluate: validate set expression type before accessing flags
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2022e8bb5cf0e0fa81ab0a5087bd1ab6e20280ee;p=thirdparty%2Fnftables.git

evaluate: validate set expression type before accessing flags

Validate set->init is of EXPR_SET expression type before accessing
set_flags.

Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 83381b4e..f4f72ee4 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -5290,7 +5290,8 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
 		set->flags |= NFT_SET_EXPR;
 
 	if (set_is_anonymous(set->flags)) {
-		if (set_is_interval(set->init->set_flags) &&
+		if (set->init->etype == EXPR_SET &&
+		    set_is_interval(set->init->set_flags) &&
 		    !(set->init->set_flags & NFT_SET_CONCAT) &&
 		    interval_set_eval(ctx, set, set->init) < 0)
 			return -1;