Filters: Fix crash on setting link-local gateway with no interface

When refactoring nexthop data structures to eattrs,
we missed that we are dereferencing an interface pointer
from a possibly invalid memory.

This fixes #257.

diff --git a/filter/f-inst.c b/filter/f-inst.c
index 00d39c39bccbd8bd2a3dacfa70da936362a27737..aeea55eafdc7835a3c3b4fcea028712de72c5139 100644 (file)
--- a/filter/f-inst.c
+++ b/filter/f-inst.c
@@ -769,10 +769,11 @@
       case SA_GW:
        {
          struct eattr *nh_ea = ea_find(fs->rte->attrs, &ea_gen_nexthop);
+         SKIP_BACK_DECLARE(struct nexthop_adata, nhad, ad, nh_ea ? nh_ea->u.ptr : NULL);
+         struct nexthop *first = NEXTHOP_IS_REACHABLE(nhad) ? &(nhad->nh) : NULL;
 
          ip_addr ip = v1.val.ip;
-         struct iface *ifa = (ipa_is_link_local(ip) && nh_ea) ?
-           ((struct nexthop_adata *) nh_ea->u.ptr)->nh.iface : NULL;
+         struct iface *ifa = (ipa_is_link_local(ip) && first) ? first->iface : NULL;
          
          /* XXX this code supposes that every owner is a protocol XXX */
          neighbor *n = neigh_find(SKIP_BACK(struct proto, sources, fs->rte->src->owner), ip, ifa, 0);