evaluate: Add set to cache only when well-formed

When creating a set (in set_evaluate), it is added to the table cache before
being checked for correctness. When the set is ill-formed, the function returns
without removing the (non-existent, since the function returned) set. Further
references to this set will not result in an error (since the set is in the
lookup table), but the malformed set will probably cause a segfault.

The symptom (the segfault) was fixed by checking for NULL when evaluating a
reference to the set (commit 5afa5a164ff1c066af1ec56d875b91562882bd50), this
should fix the root cause.

Signed-off-by: Anatole Denis <anatole@rezel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 8b113c8cf9cdca90ff14e8f94ed599194b54aa70..b12af14ec10504c5e07974a8149df8569b974d16 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2550,9 +2550,6 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
                return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                 ctx->cmd->handle.table);
 
-       if (set_lookup(table, set->handle.set) == NULL)
-               set_add_hash(set_get(set), table);
-
        type = set->flags & SET_F_MAP ? "map" : "set";
 
        if (set->keytype == NULL)
@@ -2583,6 +2580,9 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
        }
        ctx->set = NULL;
 
+       if (set_lookup(table, set->handle.set) == NULL)
+               set_add_hash(set_get(set), table);
+
        /* Default timeout value implies timeout support */
        if (set->timeout)
                set->flags |= SET_F_TIMEOUT;