From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 26 Mar 2019 12:09:21 +0000 (+0100)
Subject: evaluate: skip binary transfer for named sets
X-Git-Tag: v0.9.1~119
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f01940d69e2a4d8e9e151da8d4d39f78d08528cf;p=thirdparty%2Fnftables.git

evaluate: skip binary transfer for named sets

Set may be empty, content might be yet unknown, we cannot do any
transfer in this case.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1327
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 54afc334..94377da9 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1606,6 +1606,9 @@ static int __binop_transfer(struct eval_ctx *ctx,
 		}
 		break;
 	case EXPR_SET_REF:
+		if (!((*right)->set->flags & NFT_SET_ANONYMOUS))
+			return 0;
+
 		return __binop_transfer(ctx, left, &(*right)->set->init);
 	default:
 		return 0;