From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 1 Apr 2025 15:36:48 +0000 (+0200)
Subject: cache: prevent possible crash rule filter is NULL
X-Git-Tag: v1.1.2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2412e760826f315ada984f7ee433a2077f180c8b;p=thirdparty%2Fnftables.git

cache: prevent possible crash rule filter is NULL

Similar to 3f0a47f9f00c ("cache: don't crash when filter is NULL").

No real crash observed but it is good to tigthen this.

Fixes: dbff26bfba83 ("cache: consolidate reset command")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/cache.c b/src/cache.c
index c0d96bd1..e89acdf5 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -714,6 +714,7 @@ static int rule_cache_dump(struct netlink_ctx *ctx, const struct handle *h,
 	const char *chain = NULL;
 	uint64_t rule_handle = 0;
 	int family = h->family;
+	bool reset = false;
 	bool dump = true;
 
 	if (filter) {
@@ -727,11 +728,12 @@ static int rule_cache_dump(struct netlink_ctx *ctx, const struct handle *h,
 		}
 		if (filter->list.family)
 			family = filter->list.family;
+
+		reset = filter->reset.rule;
 	}
 
 	rule_cache = mnl_nft_rule_dump(ctx, family,
-				       table, chain, rule_handle, dump,
-				       filter->reset.rule);
+				       table, chain, rule_handle, dump, reset);
 	if (rule_cache == NULL) {
 		if (errno == EINTR)
 			return -1;