netlink: Do not allocate a bogus flowtable priority expr
authorPhil Sutter <phil@nwl.cc>
Wed, 11 Jun 2025 12:15:38 +0000 (14:15 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 18 Jun 2025 22:03:30 +0000 (00:03 +0200)
commit 10b9a85b3278e0933bf47226588fede8c9fcbcc8 upstream.

Code accidentally treats missing NFTNL_FLOWTABLE_PRIO attribute as zero
prio value which may not be correct.

Fixes: db0697ce7f602 ("src: support for flowtable listing")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/netlink.c

index 508b6ea82f59e811ead7554ca96dd821d542701e..5c639881c01fca39b8a7a37c695755ffe3ac2394 100644 (file)
@@ -1845,14 +1845,16 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx,
                      sizeof(char *), qsort_device_cmp);
        }
 
-       priority = nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_PRIO);
-       flowtable->priority.expr =
+       if (nftnl_flowtable_is_set(nlo, NFTNL_FLOWTABLE_PRIO)) {
+               priority = nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_PRIO);
+               flowtable->priority.expr =
                                constant_expr_alloc(&netlink_location,
                                                    &integer_type,
                                                    BYTEORDER_HOST_ENDIAN,
                                                    sizeof(int) *
                                                    BITS_PER_BYTE,
                                                    &priority);
+       }
        flowtable->hook.num =
                nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_HOOKNUM);
        flowtable->flags =
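Review bot: With the new `nftnl_flowtable_is_set()` guard, `flowtable->priority.expr` is never assigned when the kernel omits NFTNL_FLOWTABLE_PRIO, so every later reader of that field must tolerate a missing expression; no such reader is visible in this hunk, so it is worth confirming that the code which prints or evaluates the flowtable checks for NULL before dereferencing. The change also appears to rely on the flowtable object being zero-initialised at allocation, which happens outside the hunk. A short comment at the guard would make the contract explicit: `/* priority.expr stays NULL when the kernel omits the attribute; consumers must check */`. The `NFTNL_FLOWTABLE_HOOKNUM` read just below still turns an absent attribute into 0, as the old priority code did, so it may deserve the same `is_set` treatment. netlink_delinearize_flowtable begins and ends outside the hunk.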