From: Phil Sutter <phil@nwl.cc>
Date: Wed, 19 Sep 2018 13:17:07 +0000 (+0200)
Subject: arptables: Fix incorrect strcmp() in nft_arp_rule_find()
X-Git-Tag: v1.8.1~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c9a1521105aa515a272e2d04fa806bed8b43396;p=thirdparty%2Fiptables.git

arptables: Fix incorrect strcmp() in nft_arp_rule_find()

Since nft_arp_rule_to_cs() may not set cs->jumpto, later call to
strcmp() may be passed a NULL pointer. Therefore check if the pointer is
valid before doing so.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index b8e89826..a2109c60 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -661,7 +661,7 @@ static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
 	if (!compare_targets(cs->target, this.target))
 		return false;
 
-	if (strcmp(cs->jumpto, this.jumpto) != 0)
+	if (this.jumpto && strcmp(cs->jumpto, this.jumpto) != 0)
 		return false;
 
 	return true;