Re: [PATCH nft] rule: return error if table does not exist

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Thu, 20 Mar 2025 18:37:30 +0100

On Thu, Mar 20, 2025 at 02:31:42PM +0100, Florian Westphal wrote:
> The bogon triggers segfault due to NULL dereference.  Error out and set
> errno to ENOENT; caller uses strerror() in the errmsg.
> 
> After fix, loading reproducer results in:
> /tmp/A:2:1-18: Error: Could not process rule: No such file or directory
> list table inet p
> ^^^^^^^^^^^^^^^^^^
> 
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>

Reviewed-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

Thanks.

> ---
>  src/rule.c                                                | 8 +++++++-
>  .../testcases/bogons/nft-f/list_a_deleted_table_crash     | 3 +++
>  2 files changed, 10 insertions(+), 1 deletion(-)
>  create mode 100644 tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash
> 
> diff --git a/src/rule.c b/src/rule.c
> index 3edfa4715853..00fbbc4c080a 100644
> --- a/src/rule.c
> +++ b/src/rule.c
> @@ -2380,10 +2380,16 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
>  	if (nft_output_json(&ctx->nft->output))
>  		return do_command_list_json(ctx, cmd);
>  
> -	if (cmd->handle.table.name != NULL)
> +	if (cmd->handle.table.name != NULL) {
>  		table = table_cache_find(&ctx->nft->cache.table_cache,
>  					 cmd->handle.table.name,
>  					 cmd->handle.family);
> +		if (!table) {
> +			errno = ENOENT;
> +			return -1;
> +		}
> +	}
> +
>  	switch (cmd->obj) {
>  	case CMD_OBJ_TABLE:
>  		if (!cmd->handle.table.name)
> diff --git a/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash b/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash
> new file mode 100644
> index 000000000000..b802430bb6cc
> --- /dev/null
> +++ b/tests/shell/testcases/bogons/nft-f/list_a_deleted_table_crash
> @@ -0,0 +1,3 @@
> +table inet p
> +list table inet p
> +delete  table inet p
> -- 
> 2.48.1
> 
> 