| Message ID | 1417000071-22579-1-git-send-email-alvaroneay@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
On Wed, Nov 26, 2014 at 12:07:51PM +0100, Alvaro Neira Ayuso wrote: > If we use tcp reset with a network protocol that tcp is not supported, > we display an error. This error use the reject.expr location which is NULL, > therefore we have a crash. This patch replaces it using the reject statement > to display the error like: > > Rule: > nft add bridge filter input ether type vlan reject with tcp reset > Output: > <cmdline>:1:46-51: Error: cannot reject this ether type > add rule bridge filter input ether type vlan reject with tcp reset Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/src/evaluate.c b/src/evaluate.c index 3eeb614..00e55b7 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1277,7 +1277,7 @@ static int stmt_evaluate_reject_bridge_family(struct eval_ctx *ctx, case __constant_htons(ETH_P_IPV6): break; default: - return stmt_binary_error(ctx, stmt->reject.expr, + return stmt_binary_error(ctx, stmt, &ctx->pctx.protocol[PROTO_BASE_NETWORK_HDR], "cannot reject this ether type"); }
If we use tcp reset with a network protocol that tcp is not supported, we display an error. This error use the reject.expr location which is NULL, therefore we have a crash. This patch replaces it using the reject statement to display the error like: Rule: nft add bridge filter input ether type vlan reject with tcp reset Output: <cmdline>:1:46-51: Error: cannot reject this ether type add rule bridge filter input ether type vlan reject with tcp reset ~~~~~~~~~~~~~~~ ^^^^^^ Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> --- [changes in v2] * Enhanced title and description src/evaluate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)