evaluate: fix assertion failure with malformed map definitions
authorFlorian Westphal <fw@strlen.de>
Thu, 20 Mar 2025 13:33:05 +0000 (14:33 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sun, 27 Jul 2025 18:27:31 +0000 (20:27 +0200)
commit 7fa22984d7841a0feeaaeb0c2ed5d3cb637097e0 upstream.

Included bogon triggers:
nft: src/evaluate.c:2267: expr_evaluate_mapping: Assertion `set->data != NULL' failed.

After this fix, the following errors are shown:
Error: unqualified type invalid specified in map definition. Try "typeof expression" instead of "type datatype".
map m {
    ^
map m {
    ^
Error: map has no mapping data

Fixes: 343a51702656 ("src: store expr, not dtype to track data in sets")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/evaluate.c
tests/shell/testcases/bogons/nft-f/malformed_map_expr_evaluate_mapping_assert [new file with mode: 0644]

index 3b76091971175283a0672d52a84fa443c0168445..3724a2bd3dcb86258e7566bafa5404713f250e46 100644 (file)
@@ -2163,7 +2163,10 @@ static int expr_evaluate_mapping(struct eval_ctx *ctx, struct expr **expr)
                                  "Key must be a constant");
        mapping->flags |= mapping->left->flags & EXPR_F_SINGLETON;
 
-       assert(set->data != NULL);
+       /* This can happen for malformed map definitions */
+       if (!set->data)
+               return set_error(ctx, set, "map has no mapping data");
+
        if (!set_is_anonymous(set->flags) &&
            set->data->flags & EXPR_F_INTERVAL)
                datalen = set->data->len / 2;
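Review bot: The comment on the new `if (!set->data)` guard says only that this "can happen" and does not record why the check has to sit exactly here: the context lines right after it dereference `set->data->flags` and `set->data->len`, and the input reaching this point is a ruleset file (loaded with `nft -f`, going by the test path). I would reword it along the lines of `/* set->data is NULL when the map's data type could not be resolved; reject before the dereferences below */`, with the cause hedged, since I infer it from the first error quoted in the commit message rather than from visible code. It may also be worth checking whether other users of `set->data` in evaluate.c rely on the same non-NULL assumption, because only this one site is visible here. expr_evaluate_mapping starts and ends outside the hunk.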
diff --git a/tests/shell/testcases/bogons/nft-f/malformed_map_expr_evaluate_mapping_assert b/tests/shell/testcases/bogons/nft-f/malformed_map_expr_evaluate_mapping_assert
new file mode 100644 (file)
index 0000000..c77a9c3
--- /dev/null
@@ -0,0 +1,6 @@
+table ip x {
+        map m {
+                typeof ct saddr :ct expectation
+                elements = { * : none}
+        }
+}