From: Pablo Neira Ayuso Date: Sun, 18 Oct 2015 18:18:05 +0000 (+0200) Subject: evaluate: check if table and chain exists when adding rules X-Git-Tag: v0.6~205 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=97493717e738;p=thirdparty%2Fnftables.git evaluate: check if table and chain exists when adding rules Assuming a table 'test' that contains a chain 'test': # nft add rule test1 test2 counter :1:1-28: Error: Could not process rule: Table 'test1' does not exist add rule test1 test2 counter ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ # nft add rule test test2 counter :1:1-27: Error: Could not process rule: Chain 'test2' does not exist add rule test test2 counter ^^^^^^^^^^^^^^^^^^^^^^^^^^^ Signed-off-by: Pablo Neira Ayuso
---
diff --git a/src/evaluate.c b/src/evaluate.c
index 4f9299e1..ccbe8b37 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2050,6 +2050,8 @@ static int table_evaluate(struct eval_ctx *ctx, struct table *table)
 static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
 {
+ struct table *table;
+
 switch (cmd->obj) {
 case CMD_OBJ_SETELEM:
 return setelem_evaluate(ctx, &cmd->expr);
@@ -2058,6 +2060,15 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
 return set_evaluate(ctx, cmd->set);
 case CMD_OBJ_RULE:
 handle_merge(&cmd->rule->handle, &cmd->handle);
+ table = table_lookup_global(ctx);
+ if (table == NULL)
+ return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
+ ctx->cmd->handle.table);
+
+ if (chain_lookup(table, &ctx->cmd->handle) == NULL)
+ return cmd_error(ctx, "Could not process rule: Chain '%s' does not exist",
+ ctx->cmd->handle.chain);
+
 return rule_evaluate(ctx, cmd->rule);
 case CMD_OBJ_CHAIN:
 return chain_evaluate(ctx, cmd->chain);
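Review bot: The two new existence checks in the `CMD_OBJ_RULE` case appear to consult only the local table/chain cache, and nothing visible in this hunk populates or refreshes that cache before `table_lookup_global(ctx)` runs. If the cache is empty or stale, or does not include a table and chain declared earlier in the same batch, a valid `add rule` would be rejected here before the kernel ever sees it. That is a fail-closed error, but it can stop a ruleset file from loading. I would state the precondition above the lookup, for example `/* relies on the table/chain cache being current, including objects added earlier in this batch */`, and confirm that the callers guarantee it. The case also mixes the `cmd` parameter (`handle_merge(..., &cmd->handle)`) with `ctx->cmd->handle` in the lookups and messages; assuming both refer to the same command, `if (chain_lookup(table, &cmd->handle) == NULL)` and `cmd->handle.table` / `cmd->handle.chain` would keep the block consistent. The body of `cmd_evaluate_add` continues outside the hunk.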