From: Florian Westphal <fw@strlen.de>
Date: Fri, 13 Jun 2025 14:46:06 +0000 (+0200)
Subject: evaluate: don't BUG on unexpected base datatype
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=845b8d7208077310e77560a64b698973fb047ef2;p=thirdparty%2Fnftables.git

evaluate: don't BUG on unexpected base datatype

Included bogon will cause a crash but this is the evaluation stage where
we can just emit an error instead.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 9c7f23cb..872a9e0d 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -482,7 +482,8 @@ static int expr_evaluate_value(struct eval_ctx *ctx, struct expr **expr)
 			return -1;
 		break;
 	default:
-		BUG("invalid basetype %s\n", expr_basetype(*expr)->name);
+		return expr_error(ctx->msgs, *expr, "Unexpected datatype %s",
+				  (*expr)->dtype->name);
 	}
 	return 0;
 }
diff --git a/tests/shell/testcases/bogons/nft-f/invalid_basetype_verdict_assert b/tests/shell/testcases/bogons/nft-f/invalid_basetype_verdict_assert
new file mode 100644
index 00000000..f85ce7fe
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/invalid_basetype_verdict_assert
@@ -0,0 +1,11 @@
+table ip t {
+	map m {
+		type ipv4_addr . inet_service : ipv4_addr .  verdict
+		elements = { 10.0.0.1 . 42 : 10.1.1.1 . 0 }
+	}
+
+	chain c {
+		type nat hook prerouting priority dstnat; policy accept;
+		dnat ip to ip saddr . tcp dport map @m
+	}
+}