From: Alvaro Neira <alvaroneay@gmail.com>
Date: Wed, 26 Nov 2014 11:07:51 +0000 (+0100)
Subject: evaluate: reject: fix crash on NULL location with bridge and tcp reset
X-Git-Tag: v0.4~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ff7fed3b0d866268322d27511ddc73fbd8c77c8;p=thirdparty%2Fnftables.git

evaluate: reject: fix crash on NULL location with bridge and tcp reset

If we use tcp reset with a network protocol that tcp is not supported,
we display an error. This error use the reject.expr location which is NULL,
therefore we have a crash. This patch replaces it using the reject statement
to display the error like:

Rule:
 nft add bridge filter input ether type vlan reject with tcp reset
Output:
 <cmdline>:1:46-51: Error: cannot reject this ether type
 add rule bridge filter input ether type vlan reject with tcp reset
                              ~~~~~~~~~~~~~~~ ^^^^^^

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 3eeb614c..00e55b7d 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1277,7 +1277,7 @@ static int stmt_evaluate_reject_bridge_family(struct eval_ctx *ctx,
 		case __constant_htons(ETH_P_IPV6):
 			break;
 		default:
-			return stmt_binary_error(ctx, stmt->reject.expr,
+			return stmt_binary_error(ctx, stmt,
 				    &ctx->pctx.protocol[PROTO_BASE_NETWORK_HDR],
 				    "cannot reject this ether type");
 		}