* [PATCH nft] cache: prevent possible crash rule filter is NULL
@ 2025-04-01 15:40 Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2025-04-01 15:40 UTC (permalink / raw)
To: netfilter-devel; +Cc: fw
Similar to 3f0a47f9f00c ("cache: don't crash when filter is NULL").
No real crash observed but it is good to tighten this.
Fixes: dbff26bfba83 ("cache: consolidate reset command")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/cache.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/cache.c b/src/cache.c
index b75a5bf3283c..52f7c9abd741 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -714,6 +714,7 @@ static int rule_cache_dump(struct netlink_ctx *ctx, const struct handle *h,
const char *chain = NULL;
uint64_t rule_handle = 0;
int family = h->family;
+ bool reset = false;
bool dump = true;
if (filter) {
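Review bot: the new `bool reset = false;` declaration fixes the NULL-filter fallback to "dump without reset", but nothing in the code says that this default is intentional. A one-line comment at the declaration, or next to the `if (filter)` block, stating that a NULL filter means a plain dump would make the asymmetry with `dump = true` easier to read later.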
@@ -727,11 +728,12 @@ static int rule_cache_dump(struct netlink_ctx *ctx, const struct handle *h,
}
if (filter->list.family)
family = filter->list.family;
+
+ reset = filter->reset.rule;
}
rule_cache = mnl_nft_rule_dump(ctx, family,
- table, chain, rule_handle, dump,
- filter->reset.rule);
+ table, chain, rule_handle, dump, reset);
if (rule_cache == NULL) {
if (errno == EINTR)
return -1;
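Review bot: the removed argument `filter->reset.rule` sat outside the `if (filter)` block, so the old call dereferenced `filter` unconditionally; the commit message says no crash was observed but does not say whether any caller of rule_cache_dump() can pass a NULL filter today. Stating that in the message (or adding a test that reaches this call with a NULL filter) would show whether this is hardening only or a reachable NULL dereference. Since the message points at 3f0a47f9f00c as a similar fix, it is also worth checking that no other `filter->` access remains after the closing brace of the `if (filter)` block in this function.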
--
2.30.2