From: Florian Westphal <fw@strlen.de>
Date: Thu, 30 Nov 2023 20:29:52 +0000 (+0100)
Subject: evaluate: reject sets with no key
X-Git-Tag: v1.0.6.1~119
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2176f0e0c8e34532bfd2127a0e96d84e2727329f;p=thirdparty%2Fnftables.git

evaluate: reject sets with no key

commit 09c573053ff03ad0a2eeb12c2957881648062f50 upstream.

nft --check -f tests/shell/testcases/bogons/nft-f/set_without_key
Segmentation fault (core dumped)

Fixes: 56c90a2dd2eb ("evaluate: expand sets and maps before evaluation")
Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 3724a2bd..47145f4c 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4756,6 +4756,9 @@ static int elems_evaluate(struct eval_ctx *ctx, struct set *set)
 {
 	ctx->set = set;
 	if (set->init != NULL) {
+		if (set->key == NULL)
+			return set_error(ctx, set, "set definition does not specify key");
+
 		__expr_set_context(&ctx->ectx, set->key->dtype,
 				   set->key->byteorder, set->key->len, 0);
 		if (expr_evaluate(ctx, &set->init) < 0) {
diff --git a/tests/shell/testcases/bogons/nft-f/map_without_key b/tests/shell/testcases/bogons/nft-f/map_without_key
new file mode 100644
index 00000000..78f16b23
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/map_without_key
@@ -0,0 +1,5 @@
+table t {
+	map m {
+		elements = { 0x00000023 : 0x00001337 }
+	}
+}
diff --git a/tests/shell/testcases/bogons/nft-f/set_without_key b/tests/shell/testcases/bogons/nft-f/set_without_key
new file mode 100644
index 00000000..f194afbf
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/set_without_key
@@ -0,0 +1,5 @@
+table ip t {
+	set s {
+		elements = { 0x00000023-0x00000142, 0x00001337 }
+	}
+}