evaluate: reject: Have a generic fix for missing network context

Commit 17b495957b29e ("evaluate: reject: fix crash if we have transport
protocol conflict from inet") took care of a crash when using inet or
bridge families, but since then netdev family has been added which also
does not implicitly define the network context. Therefore the crash can
be reproduced again using the following example:

nft add rule netdev filter e1000-ingress \
		meta l4proto udp reject with tcp reset

In order to fix this in a more generic way, have stmt_evaluate_reset()
fall back to the generic proto_inet_service irrespective of the actual
proto context.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index fb9b82534d52012bc7e849c96c984d37e9665f8c..194a03495b5fd0762ed82aa6c6901346e4678349 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2167,9 +2167,7 @@ static int stmt_evaluate_reset(struct eval_ctx *ctx, struct stmt *stmt)
                return 0;
 
        base = pctx->protocol[PROTO_BASE_NETWORK_HDR].desc;
-       if (base == NULL &&
-           (ctx->pctx.family == NFPROTO_INET ||
-            ctx->pctx.family == NFPROTO_BRIDGE))
+       if (base == NULL)
                base = &proto_inet_service;
 
        protonum = proto_find_num(base, desc);