From patchwork Fri Jan 12 12:32:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 1886006 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=147.75.199.223; helo=ny.mirrors.kernel.org; envelope-from=netfilter-devel+bounces-630-incoming=patchwork.ozlabs.org@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org [147.75.199.223]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TBLXN1S6Qz1yP3 for ; Fri, 12 Jan 2024 23:32:36 +1100 (AEDT) Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 695AC1C21A1A for ; Fri, 12 Jan 2024 12:32:34 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B35BF59175; Fri, 12 Jan 2024 12:32:28 +0000 (UTC) X-Original-To: netfilter-devel@vger.kernel.org Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [91.216.245.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8BC7282E5 for ; Fri, 12 Jan 2024 12:32:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=breakpoint.cc Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1rOGi0-0006Bj-Vc; Fri, 12 Jan 2024 13:32:24 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH nft] rule: do not crash if to-be-printed flowtable lacks priority Date: Fri, 12 Jan 2024 13:32:17 +0100 Message-ID: <20240112123220.12812-1-fw@strlen.de> X-Mailer: git-send-email 2.41.0 Precedence: bulk X-Mailing-List: netfilter-devel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Print an empty flowtable rather than crashing when dereferencing flowtable->priority.expr (its NULL). Signed-off-by: Florian Westphal --- src/rule.c | 15 +++++++++------ .../testcases/bogons/flowtable-no-priority-crash | 6 ++++++ 2 files changed, 15 insertions(+), 6 deletions(-) create mode 100644 tests/shell/testcases/bogons/flowtable-no-priority-crash diff --git a/src/rule.c b/src/rule.c index 172ba1f606e9..4138c21b81bc 100644 --- a/src/rule.c +++ b/src/rule.c @@ -2088,12 +2088,15 @@ static void flowtable_print_declaration(const struct flowtable *flowtable, if (nft_output_handle(octx)) nft_print(octx, " # handle %" PRIu64, flowtable->handle.handle.id); nft_print(octx, "%s", opts->nl); - nft_print(octx, "%s%shook %s priority %s%s", - opts->tab, opts->tab, - hooknum2str(NFPROTO_NETDEV, flowtable->hook.num), - prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV, - flowtable->hook.num, flowtable->priority.expr), - opts->stmt_separator); + + if (flowtable->priority.expr) { + nft_print(octx, "%s%shook %s priority %s%s", + opts->tab, opts->tab, + hooknum2str(NFPROTO_NETDEV, flowtable->hook.num), + prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV, + flowtable->hook.num, flowtable->priority.expr), + opts->stmt_separator); + } if (flowtable->dev_array_len > 0) { nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab); diff --git a/tests/shell/testcases/bogons/flowtable-no-priority-crash b/tests/shell/testcases/bogons/flowtable-no-priority-crash new file mode 100644 index 000000000000..b327a2bdd341 --- /dev/null +++ b/tests/shell/testcases/bogons/flowtable-no-priority-crash @@ -0,0 +1,6 @@ +reset rules +table inet filter { + flowtable f { + devices = { lo } + } +}