cache: check for NULL chain in cache_init()
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 1 Apr 2021 21:15:02 +0000 (23:15 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 3 Apr 2021 17:41:02 +0000 (19:41 +0200)
Another process might race to add chains after chain_cache_init().
The generation check does not help since it comes after cache_init().
NLM_F_DUMP_INTR only guarantees consistency within one single netlink
dump operation, so it does not help either (cache population requires
several netlink dump commands).

Let's be safe and not assume that the chain exists in the cache when
populating the rule cache.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/cache.c

index f7187ee7237f96bdd410bfc34ca8b7a3dee0e9df..4e573676ddb2f8591567144702d9b5dc1d75a9e5 100644 (file)
@@ -338,6 +338,11 @@ static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags)
                                if (!chain)
                                        chain = chain_binding_lookup(table,
                                                        rule->handle.chain.name);
+                               if (!chain) {
+                                       ret = -1;
+                                       goto cache_fails;
+                               }
+
                                list_move_tail(&rule->list, &chain->rules);
                        }
                        if (ret < 0) {
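Review bot: The new `if (!chain)` branch jumps to `cache_fails` while the current `rule` and every rule not yet moved are still on the list being iterated, and nothing in the hunk releases them. The `cache_fails` label and the rest of `cache_init_objects()` are outside the hunk, so confirm that path frees the leftover entries; otherwise each lost race leaks rule objects. The branch also returns `-1` without setting `errno`, so the caller cannot tell this race from a netlink failure and may report a stale value. If the caller replays on `EINTR` (not visible here), adding `errno = EINTR;` before `ret = -1;` would turn the race into a retry instead of a hard failure to load the ruleset. A short comment such as `/* chain added by another process after the chain cache was populated */` would also record why a missing chain is expected here.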