]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1aa2909) | patch
rule: make cmd_free(NULL) valid
authorFlorian Westphal <fw@strlen.de>
Wed, 8 Jan 2025 11:30:15 +0000 (12:30 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 17 Jun 2025 09:20:47 +0000 (11:20 +0200)
commitf5cfded17fa157d1f8a357009806f72e50e7dca6
treefbc48051942bb4bf9afc0e21ddd957f99c450e36tree
parent1aa2909460b8cdf06e53ac56090daba131934e30commit | diff
rule: make cmd_free(NULL) valid

commit 581e051ae26b503484b7634b8799a9b9b531e95d upstream.

bison uses cmd_free($$) as destructor, but base_cmd can
set it to NULL, e.g.

  |       ELEMENT         set_spec        set_block_expr
  {
    if (nft_cmd_collapse_elems(CMD_ADD, state->cmds, &$2, $3)) {
       handle_free(&$2);
       expr_free($3);
       $$ = NULL;   // cmd set to NULL
       break;
    }
    $$ = cmd_alloc(CMD_ADD, CMD_OBJ_ELEMENTS, &$2, &@$, $3);

expr_free(NULL) is legal, cmd_free() causes crash.  So just allow
this to avoid cluttering parser_bison.y with "if ($$)".

Also add the afl-generated bogon input to the test files.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/rule.c diff | blob | blame | history
tests/shell/testcases/bogons/nft-f/cmd_is_null_on_free [new file with mode: 0644] blob
Mirror of git://git.netfilter.org/nftables