evaluate: do not crash if dynamic set has no statements

list_first_entry() returns garbage when the list is empty.
There is no need to run the following loop if we have no statements,
so just return 0.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/evaluate.c b/src/evaluate.c
index 1d5db4dacd82505af3c28ff88d18153cf7a520cf..ccee7e2102e6c7fedbe6e8a9a05ebd676d3181f6 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1363,10 +1363,12 @@ static int __expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr *elem)
                                          "number of statements mismatch, set expects %d "
                                          "but element has %d", num_set_exprs,
                                          num_elem_exprs);
-               } else if (num_set_exprs == 0 && !(set->flags & NFT_SET_EVAL)) {
-                       return expr_error(ctx->msgs, elem,
-                                         "missing statements in %s definition",
-                                         set_is_map(set->flags) ? "map" : "set");
+               } else if (num_set_exprs == 0) {
+                       if (!(set->flags & NFT_SET_EVAL))
+                               return expr_error(ctx->msgs, elem,
+                                                 "missing statements in %s definition",
+                                                 set_is_map(set->flags) ? "map" : "set");
+                       return 0;
                }
 
                set_stmt = list_first_entry(&set->stmt_list, struct stmt, list);