From 3f0a47f9f00c9f368997c397b0848966029c39fb Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 1 Apr 2025 16:29:14 +0200 Subject: [PATCH] cache: don't crash when filter is NULL a delete request will cause a crash in obj_cache_dump, move the deref into the filter block. Fixes: dbff26bfba83 ("cache: consolidate reset command") Signed-off-by: Florian Westphal Reviewed-by: Pablo Neira Ayuso --- src/cache.c | 6 ++++-- .../testcases/bogons/nft-f/delete_nonexistant_object_crash | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash diff --git a/src/cache.c b/src/cache.c index b75a5bf3..c0d96bd1 100644 --- a/src/cache.c +++ b/src/cache.c @@ -902,6 +902,7 @@ static struct nftnl_obj_list *obj_cache_dump(struct netlink_ctx *ctx, int family = NFPROTO_UNSPEC; const char *table = NULL; const char *obj = NULL; + bool reset = false; bool dump = true; if (filter) { @@ -914,9 +915,10 @@ static struct nftnl_obj_list *obj_cache_dump(struct netlink_ctx *ctx, } if (filter->list.obj_type) type = filter->list.obj_type; + + reset = filter->reset.obj; } - obj_list = mnl_nft_obj_dump(ctx, family, table, obj, type, dump, - filter->reset.obj); + obj_list = mnl_nft_obj_dump(ctx, family, table, obj, type, dump, reset); if (!obj_list) { if (errno == EINTR) return NULL; diff --git a/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash b/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash new file mode 100644 index 00000000..c369dec8 --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash @@ -0,0 +1 @@ +delete quota a b -- 2.39.5