]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4890211)
evaluate: reject sets with no key
authorFlorian Westphal <fw@strlen.de>
Thu, 30 Nov 2023 20:29:52 +0000 (21:29 +0100)
committerFlorian Westphal <fw@strlen.de>
Fri, 1 Dec 2023 11:26:49 +0000 (12:26 +0100)
nft --check -f tests/shell/testcases/bogons/nft-f/set_without_key
Segmentation fault (core dumped)

Fixes: 56c90a2dd2eb ("evaluate: expand sets and maps before evaluation")
Signed-off-by: Florian Westphal <fw@strlen.de>
src/evaluate.c patch | blob | blame | history
tests/shell/testcases/bogons/nft-f/map_without_key [new file with mode: 0644] patch | blob
tests/shell/testcases/bogons/nft-f/set_without_key [new file with mode: 0644] patch | blob

diff --git a/src/evaluate.c b/src/evaluate.c
index 2ead03471102d498c5b601081de1cda489b14f27..048880e54daf148d036aedfaf56088551e34ee79 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4621,6 +4621,9 @@ static int elems_evaluate(struct eval_ctx *ctx, struct set *set)
 {
        ctx->set = set;
        if (set->init != NULL) {
+               if (set->key == NULL)
+                       return set_error(ctx, set, "set definition does not specify key");
+
                __expr_set_context(&ctx->ectx, set->key->dtype,
                                   set->key->byteorder, set->key->len, 0);
                if (expr_evaluate(ctx, &set->init) < 0)
diff --git a/tests/shell/testcases/bogons/nft-f/map_without_key b/tests/shell/testcases/bogons/nft-f/map_without_key
new file mode 100644 (file)
index 0000000..78f16b2
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/map_without_key
@@ -0,0 +1,5 @@
+table t {
+       map m {
+               elements = { 0x00000023 : 0x00001337 }
+       }
+}
diff --git a/tests/shell/testcases/bogons/nft-f/set_without_key b/tests/shell/testcases/bogons/nft-f/set_without_key
new file mode 100644 (file)
index 0000000..f194afb
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/set_without_key
@@ -0,0 +1,5 @@
+table ip t {
+       set s {
+               elements = { 0x00000023-0x00000142, 0x00001337 }
+       }
+}
Mirror of git://git.netfilter.org/nftables