Re: [PATCH nft] cache: don't crash when filter is NULL

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Tue, 1 Apr 2025 16:39:49 +0200

On Tue, Apr 01, 2025 at 04:33:42PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Apr 01, 2025 at 04:29:14PM +0200, Florian Westphal wrote:
> > a delete request will cause a crash in obj_cache_dump, move the deref
> > into the filter block.
> > 
> > Fixes: dbff26bfba83 ("cache: consolidate reset command")
> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> 
> Reviewed-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

BTW. Same pattern in:

- rule_cache_dump()

Maybe collapse this chunk too?

diff --git a/src/cache.c b/src/cache.c
index b75a5bf3283c..52f7c9abd741 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -714,6 +714,7 @@ static int rule_cache_dump(struct netlink_ctx *ctx, const struct handle *h,
 	const char *chain = NULL;
 	uint64_t rule_handle = 0;
 	int family = h->family;
+	bool reset = false;
 	bool dump = true;
 
 	if (filter) {
@@ -727,11 +728,12 @@ static int rule_cache_dump(struct netlink_ctx *ctx, const struct handle *h,
 		}
 		if (filter->list.family)
 			family = filter->list.family;
+
+		reset = filter->reset.rule;
 	}
 
 	rule_cache = mnl_nft_rule_dump(ctx, family,
-				       table, chain, rule_handle, dump,
-				       filter->reset.rule);
+				       table, chain, rule_handle, dump, reset);
 	if (rule_cache == NULL) {
 		if (errno == EINTR)
 			return -1;




