rule: return error if table does not exist

commit 853d3a2d3cbdc7aab16d3d33999d00b32a6db7ce upstream.

The bogon triggers segfault due to NULL dereference.  Error out and set
errno to ENOENT; caller uses strerror() in the errmsg.

After fix, loading reproducer results in:
/tmp/A:2:1-18: Error: Could not process rule: No such file or directory
list table inet p
^^^^^^^^^^^^^^^^^^

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/rule.c b/src/rule.c
index 4b9eb1c269fb7b4b1be3a4104e802b790904f80d..b4f1d98edbd89e6b0abf40d4fbcd7421e0e0e7dd 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -2521,10 +2521,16 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
        if (nft_output_json(&ctx->nft->output))
                return do_command_list_json(ctx, cmd);
 
-       if (cmd->handle.table.name != NULL)
+       if (cmd->handle.table.name != NULL) {
                table = table_cache_find(&ctx->nft->cache.table_cache,
                                         cmd->handle.table.name,
                                         cmd->handle.family);
+               if (!table) {
+                       errno = ENOENT;
+                       return -1;
+               }
+       }
+
        switch (cmd->obj) {
        case CMD_OBJ_TABLE:
                if (!cmd->handle.table.name)

diff --git a/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash b/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash
new file mode 100644 (file)
index 0000000..b802430
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash
@@ -0,0 +1,3 @@
+table inet p
+list table inet p
+delete  table inet p