datatype: fix crash if wrong integer type is passed

Eric Leblond reported that this command:

nft add rule ip6 filter input position 4 meta protocol icmpv6 accept

crashes nft. The problem is that 'icmpv6' is wrong there, as
meta protocol is expecting an ethernet protocol, that can be
expressed as an hexadecimal.

Now this command displays the following error:

<cmdline>:1:52-57: Error: This is not a valid Ethernet protocol
add rule ip6 filter input position 4 meta protocol icmpv6 accept
                                                   ^^^^^^

This closes bugzilla #834:
https://bugzilla.netfilter.org/show_bug.cgi?id=834

Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/datatype.c b/src/datatype.c
index 62539957ebdb1677d86f1dbd5fde2c53988da005..55368eed418e6e3ef17521d508aa61372326306f 100644 (file)
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -229,8 +229,10 @@ static struct error_record *integer_type_parse(const struct expr *sym,
        if (gmp_sscanf(sym->identifier, "%Zu%n", v, &len) != 1 ||
            (int)strlen(sym->identifier) != len) {
                mpz_clear(v);
-               if (sym->dtype != &integer_type)
-                       return NULL;
+               if (sym->dtype != &integer_type) {
+                       return error(&sym->location, "This is not a valid %s",
+                                    sym->dtype->desc);
+               }
                return error(&sym->location, "Could not parse %s",
                             sym->dtype->desc);
        }