From: Florian Westphal <fw@strlen.de>
Date: Tue, 1 Apr 2025 14:29:14 +0000 (+0200)
Subject: cache: don't crash when filter is NULL
X-Git-Tag: v1.1.2~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3f0a47f9f00c;p=thirdparty%2Fnftables.git

cache: don't crash when filter is NULL

a delete request will cause a crash in obj_cache_dump, move the deref
into the filter block.

Fixes: dbff26bfba83 ("cache: consolidate reset command")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/cache.c b/src/cache.c
index b75a5bf3..c0d96bd1 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -902,6 +902,7 @@ static struct nftnl_obj_list *obj_cache_dump(struct netlink_ctx *ctx,
 	int family = NFPROTO_UNSPEC;
 	const char *table = NULL;
 	const char *obj = NULL;
+	bool reset = false;
 	bool dump = true;
 
 	if (filter) {
@@ -914,9 +915,10 @@ static struct nftnl_obj_list *obj_cache_dump(struct netlink_ctx *ctx,
 		}
 		if (filter->list.obj_type)
 			type = filter->list.obj_type;
+
+		reset = filter->reset.obj;
 	}
-	obj_list = mnl_nft_obj_dump(ctx, family, table, obj, type, dump,
-				    filter->reset.obj);
+	obj_list = mnl_nft_obj_dump(ctx, family, table, obj, type, dump, reset);
 	if (!obj_list) {
                 if (errno == EINTR)
 			return NULL;
diff --git a/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash b/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash
new file mode 100644
index 00000000..c369dec8
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash
@@ -0,0 +1 @@
+delete quota a b