tcpopt: don't create exthdr expression without datatype

The reproducer crashes during concat evaluation, as the
exthdr expression lacks a datatype.

This should never happen, i->dtype must be set.

In this case the culprit is tcp option parsing, it will
wire up a non-existent template, because the "nop" option
has no length field (1 byte only).

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/tcpopt.c b/src/tcpopt.c
index 8111a50718ac65516fb23a044f26269218a13522..f977e417536adaf582bfdc52481242ff31e41210 100644 (file)
--- a/src/tcpopt.c
+++ b/src/tcpopt.c
@@ -224,7 +224,7 @@ struct expr *tcpopt_expr_alloc(const struct location *loc,
        }
 
        tmpl = &desc->templates[field];
-       if (!tmpl)
+       if (!tmpl || !tmpl->dtype)
                return NULL;
 
        expr = expr_alloc(loc, EXPR_EXTHDR, tmpl->dtype,

diff --git a/tests/shell/testcases/bogons/nft-f/tcp_option_without_template b/tests/shell/testcases/bogons/nft-f/tcp_option_without_template
new file mode 100644 (file)
index 0000000..fd732fd
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/tcp_option_without_template
@@ -0,0 +1 @@
+add rule f i tcp option nop length . @ih,32,3 1