From: Florian Westphal Date: Thu, 20 Mar 2025 13:31:42 +0000 (+0100) Subject: rule: return error if table does not exist X-Git-Tag: v1.1.2~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=853d3a2d3cbd;p=thirdparty%2Fnftables.git rule: return error if table does not exist The bogon triggers segfault due to NULL dereference. Error out and set errno to ENOENT; caller uses strerror() in the errmsg. After fix, loading reproducer results in: /tmp/A:2:1-18: Error: Could not process rule: No such file or directory list table inet p ^^^^^^^^^^^^^^^^^^ Signed-off-by: Florian Westphal Reviewed-by: Pablo Neira Ayuso --- diff --git a/src/rule.c b/src/rule.c index 3edfa471..00fbbc4c 100644 --- a/src/rule.c +++ b/src/rule.c @@ -2380,10 +2380,16 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd) if (nft_output_json(&ctx->nft->output)) return do_command_list_json(ctx, cmd); - if (cmd->handle.table.name != NULL) + if (cmd->handle.table.name != NULL) { table = table_cache_find(&ctx->nft->cache.table_cache, cmd->handle.table.name, cmd->handle.family); + if (!table) { + errno = ENOENT; + return -1; + } + } + switch (cmd->obj) { case CMD_OBJ_TABLE: if (!cmd->handle.table.name) diff --git a/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash b/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash new file mode 100644 index 00000000..b802430b --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash @@ -0,0 +1,3 @@ +table inet p +list table inet p +delete table inet p
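Review bot: In the src/rule.c hunk the new `if (!table)` check sits after the early `return do_command_list_json(ctx, cmd);` for JSON output, so that path never reaches the ENOENT bail-out; please confirm that do_command_list_json performs its own table lookup and NULL check, or move the table_cache_find() and the `errno = ENOENT; return -1;` above the JSON branch so both output modes share it. Separately, reporting the missing table through errno means the user sees "No such file or directory" (as the commit message's sample output shows), which does not say which object was not found; emitting an explicit "table does not exist" error at this point would make the diagnostic self-explanatory.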
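Review bot: The new tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash file is added with mode 100644 and no shebang, so it is an nft -f input consumed by the bogons harness rather than an executable script; a one-line comment in the file (or in the commit message) stating that the expected outcome is the "Could not process rule: No such file or directory" error rather than a successful load would make the intent clear to anyone who later sees the case fail for a different reason.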