
[nft,03/18] rule: skip fuzzy lookup for unexisting 64-bit handle

Message ID 20210429234255.16840-4-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Series cache updates,v2 | expand

Commit Message

Pablo Neira Ayuso April 29, 2021, 11:42 p.m. UTC
Deletion by handle, if incorrect, should not exercise the misspell
lookup functions.

Fixes: 3a0e07106f66 ("src: combine extended netlink error reporting with mispelling support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cmd.c                                         | 15 +++++++++++++++
 .../cache/0009_delete_by_handle_incorrect_0       |  8 ++++++++
 2 files changed, 23 insertions(+)
 create mode 100755 tests/shell/testcases/cache/0009_delete_by_handle_incorrect_0

Patch

diff --git a/src/cmd.c b/src/cmd.c
index 9cb5b6a3f33d..c04efce3801a 100644
--- a/src/cmd.c
+++ b/src/cmd.c
@@ -14,6 +14,9 @@  static int nft_cmd_enoent_table(struct netlink_ctx *ctx, const struct cmd *cmd,
 {
 	struct table *table;
 
+	if (!cmd->handle.table.name)
+		return 0;
+
 	table = table_lookup_fuzzy(&cmd->handle, &ctx->nft->cache);
 	if (!table)
 		return 0;
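Review bot: The added `if (!cmd->handle.table.name) return 0;` guard in nft_cmd_enoent_table has no comment saying when the name is NULL, and the same bare guard is repeated in the chain, set, obj and flowtable hunks. A one-line comment such as `/* deleted by handle: there is no name to match, skip the misspell lookup */` above each guard would keep a later cleanup from dropping it as dead code. Because the check sits in the callers, the `*_lookup_fuzzy()` helpers still accept a NULL name; if they have other callers (none are visible in this diff), a NULL check inside the helpers would be the sturdier place for it. The bodies of all five functions continue outside their hunks.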
@@ -30,6 +33,9 @@  static int nft_cmd_enoent_chain(struct netlink_ctx *ctx, const struct cmd *cmd,
 	const struct table *table;
 	struct chain *chain;
 
+	if (!cmd->handle.chain.name)
+		return 0;
+
 	chain = chain_lookup_fuzzy(&cmd->handle, &ctx->nft->cache, &table);
 	if (!chain)
 		return 0;
@@ -81,6 +87,9 @@  static int nft_cmd_enoent_set(struct netlink_ctx *ctx, const struct cmd *cmd,
 	const struct table *table;
 	struct set *set;
 
+	if (!cmd->handle.set.name)
+		return 0;
+
 	set = set_lookup_fuzzy(cmd->handle.set.name, &ctx->nft->cache, &table);
 	if (!set)
 		return 0;
@@ -100,6 +109,9 @@  static int nft_cmd_enoent_obj(struct netlink_ctx *ctx, const struct cmd *cmd,
 	const struct table *table;
 	struct obj *obj;
 
+	if (!cmd->handle.obj.name)
+		return 0;
+
 	obj = obj_lookup_fuzzy(cmd->handle.obj.name, &ctx->nft->cache, &table);
 	if (!obj)
 		return 0;
@@ -118,6 +130,9 @@  static int nft_cmd_enoent_flowtable(struct netlink_ctx *ctx,
 	const struct table *table;
 	struct flowtable *ft;
 
+	if (!cmd->handle.flowtable.name)
+		return 0;
+
 	ft = flowtable_lookup_fuzzy(cmd->handle.flowtable.name,
 				    &ctx->nft->cache, &table);
 	if (!ft)
diff --git a/tests/shell/testcases/cache/0009_delete_by_handle_incorrect_0 b/tests/shell/testcases/cache/0009_delete_by_handle_incorrect_0
new file mode 100755
index 000000000000..f0bb02a636ee
--- /dev/null
+++ b/tests/shell/testcases/cache/0009_delete_by_handle_incorrect_0
@@ -0,0 +1,8 @@ 
+#!/bin/bash
+
+$NFT delete table handle 4000 && exit 1
+$NFT delete chain t handle 4000 && exit 1
+$NFT delete set t handle 4000 && exit 1
+$NFT delete flowtable t handle 4000 && exit 1
+$NFT delete counter t handle 4000 && exit 1
+exit 0
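Review bot: Each `$NFT delete ... handle 4000 && exit 1` line only checks that the command did not succeed, so a run where nft is killed by a signal (also a non-zero status) would still pass this test. If the aim is to confirm that a wrong handle is rejected cleanly, compare the status explicitly, e.g. `$NFT delete table handle 4000; [ $? -eq 1 ] || exit 1`, assuming nft's ordinary error status is 1 (to be confirmed). Table `t` is also never created, so the four commands that name it run against a ruleset with nothing in it. Creating `t` with one object of each kind first would likely make the test cover the populated-cache case as well.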