From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 24 Jul 2013 13:14:22 +0000 (+0200)
Subject: datatype: fix crash if wrong integer type is passed
X-Git-Tag: v0.099~92
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a320531e7;p=thirdparty%2Fnftables.git

datatype: fix crash if wrong integer type is passed

Eric Leblond reported that this command:

nft add rule ip6 filter input position 4 meta protocol icmpv6 accept

crashes nft. The problem is that 'icmpv6' is wrong there, as
meta protocol is expecting an ethernet protocol, that can be
expressed as an hexadecimal.

Now this command displays the following error:

<cmdline>:1:52-57: Error: This is not a valid Ethernet protocol
add rule ip6 filter input position 4 meta protocol icmpv6 accept
                                                   ^^^^^^

This closes bugzilla #834:
https://bugzilla.netfilter.org/show_bug.cgi?id=834

Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/datatype.c b/src/datatype.c
index 62539957..55368eed 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -229,8 +229,10 @@ static struct error_record *integer_type_parse(const struct expr *sym,
 	if (gmp_sscanf(sym->identifier, "%Zu%n", v, &len) != 1 ||
 	    (int)strlen(sym->identifier) != len) {
 		mpz_clear(v);
-		if (sym->dtype != &integer_type)
-			return NULL;
+		if (sym->dtype != &integer_type) {
+			return error(&sym->location, "This is not a valid %s",
+				     sym->dtype->desc);
+		}
 		return error(&sym->location, "Could not parse %s",
 			     sym->dtype->desc);
 	}