From: Florian Westphal Date: Wed, 19 Mar 2025 20:05:53 +0000 (+0100) Subject: evaluate: don't update cache for anonymous chains X-Git-Tag: v1.1.2~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bd1fc6c740535d1ad3f38f8ba9c539c14f1732f3;p=thirdparty%2Fnftables.git evaluate: don't update cache for anonymous chains Chain lookup needs a name, not a numerical id. After patch, loading bogon gives following errors: Error: No symbol type information a b index 1 10.1.26.a v2: Don't return an error, just make it a no-op (Pablo Neira Ayuso) Fixes: c330152b7f77 ("src: support for implicit chain bindings") Signed-off-by: Florian Westphal --- diff --git a/src/evaluate.c b/src/evaluate.c index a2796119..785c4fab 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -5371,6 +5371,10 @@ static int rule_cache_update(struct eval_ctx *ctx, enum cmd_ops op) if (!table) return table_not_found(ctx); + /* chain is anonymous, adding new rules via index is not supported. */ + if (!rule->handle.chain.name) + return 0; + chain = chain_cache_find(table, rule->handle.chain.name); if (!chain) return chain_not_found(ctx); diff --git a/tests/shell/testcases/bogons/nft-f/null_deref_on_anon_chain_update_crash b/tests/shell/testcases/bogons/nft-f/null_deref_on_anon_chain_update_crash new file mode 100644 index 00000000..310486c5 --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/null_deref_on_anon_chain_update_crash @@ -0,0 +1,8 @@ +table ip f { + chain c { + jump { + accept + } + } +} +a b index 1 10.1.26.a
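Review bot: The comment on the new early return in rule_cache_update() says adding rules via index "is not supported", but the branch does `return 0`, so the caller sees success and nothing reports the unsupported case from this function. The commit message describes this as a deliberate no-op (v2), so the comment should say that, for example "anonymous chain has no name to look up, skip the cache update". Otherwise a later reader may take the `return 0` for a forgotten error path. The check also relies on `rule->handle.chain.name` being NULL for an anonymous chain; a few words on that next to the check would make the guard easier to audit.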
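Review bot: In the new bogon file, the final line `a b index 1 10.1.26.a` sits outside the `table ip f` block, and neither the file nor the commit message explains how it ends up in rule_cache_update() with a NULL chain name for the anonymous chain created by `jump { accept }`. A sentence in the commit message tracing that path would make the reproducer reviewable and easier to keep meaningful if the parser changes. The expected post-fix outcome, the "No symbol type information" error, is also recorded only in the commit message.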