From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 17 Mar 2022 20:53:25 +0000 (+0100)
Subject: rule: Avoid segfault with anonymous chains
X-Git-Tag: v1.0.3~54
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4cf97abfee61;p=thirdparty%2Fnftables.git

rule: Avoid segfault with anonymous chains

Phil Sutter says:

"When trying to add a rule which contains an anonymous chain to a
non-existent chain, string_misspell_update() is called with a NULL
string because the anonymous chain has no name. Avoid this by making the
function NULL-pointer tolerant."

Fixes: c330152b7f777 ("src: support for implicit chain bindings")
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/rule.c b/src/rule.c
index b1700c40..19b8cb03 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -758,6 +758,9 @@ struct chain *chain_lookup_fuzzy(const struct handle *h,
 	struct table *table;
 	struct chain *chain;
 
+	if (!h->chain.name)
+		return NULL;
+
 	string_misspell_init(&st);
 
 	list_for_each_entry(table, &cache->table_cache.list, cache.list) {