From: Florian Westphal <fw@strlen.de>
Date: Fri, 28 Jul 2023 19:04:13 +0000 (+0200)
Subject: ct expectation: fix 'list object x' vs. 'list objects in table' confusion
X-Git-Tag: v1.0.6.1~71
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=705c84e5de96d78b55823de36f90b65bbc857930;p=thirdparty%2Fnftables.git

ct expectation: fix 'list object x' vs. 'list objects in table' confusion

commit a8ff324dc64fd76f7d218d3d94c5885250951258 upstream.

Just like "ct timeout", "ct expectation" is in need of the same fix,
we get segfault on "nft list ct expectation table t", if table t exists.

This is the exact same pattern as resolved for "ct timeout" in commit
1d2e22fc0521 ("ct timeout: fix 'list object x' vs. 'list objects in table' confusion").

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/include/rule.h b/include/rule.h
index 4f9262e6..4fae9eec 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -648,6 +648,7 @@ enum cmd_obj {
 	CMD_OBJ_SECMARK,
 	CMD_OBJ_SECMARKS,
 	CMD_OBJ_CT_EXPECT,
+	CMD_OBJ_CT_EXPECTATIONS,
 	CMD_OBJ_SYNPROXY,
 	CMD_OBJ_SYNPROXYS,
 	CMD_OBJ_HOOKS,
diff --git a/src/cache.c b/src/cache.c
index aaeb79f3..90eb901e 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -337,6 +337,7 @@ static int nft_handle_validate(const struct cmd *cmd, struct list_head *msgs)
 	case CMD_OBJ_CT_TIMEOUT:
 	case CMD_OBJ_CT_TIMEOUTS:
 	case CMD_OBJ_CT_EXPECT:
+	case CMD_OBJ_CT_EXPECTATIONS:
 		if (h->table.name &&
 		    strlen(h->table.name) > NFT_NAME_MAXLEN) {
 			loc = &h->table.location;
diff --git a/src/evaluate.c b/src/evaluate.c
index c44d2777..560db873 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -5762,6 +5762,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_SECMARKS:
 	case CMD_OBJ_SYNPROXYS:
 	case CMD_OBJ_CT_TIMEOUTS:
+	case CMD_OBJ_CT_EXPECTATIONS:
 		if (cmd->handle.table.name == NULL)
 			return 0;
 		if (!table_cache_find(&ctx->nft->cache.table_cache,
diff --git a/src/parser_bison.y b/src/parser_bison.y
index db6f2492..67e6fc92 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4714,7 +4714,7 @@ ct_obj_type		:	HELPER		{ $$ = NFT_OBJECT_CT_HELPER; }
 
 ct_cmd_type		:	HELPERS		{ $$ = CMD_OBJ_CT_HELPERS; }
 			|	TIMEOUT		{ $$ = CMD_OBJ_CT_TIMEOUTS; }
-			|	EXPECTATION	{ $$ = CMD_OBJ_CT_EXPECT; }
+			|	EXPECTATION	{ $$ = CMD_OBJ_CT_EXPECTATIONS; }
 			;
 
 ct_l4protoname		:	TCP	close_scope_tcp	{ $$ = IPPROTO_TCP; }
diff --git a/src/rule.c b/src/rule.c
index 582ea40c..6c81106d 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2567,6 +2567,7 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_CT_TIMEOUTS:
 		return do_list_obj(ctx, cmd, NFT_OBJECT_CT_TIMEOUT);
 	case CMD_OBJ_CT_EXPECT:
+	case CMD_OBJ_CT_EXPECTATIONS:
 		return do_list_obj(ctx, cmd, NFT_OBJECT_CT_EXPECT);
 	case CMD_OBJ_LIMIT:
 	case CMD_OBJ_LIMITS: