add rule ip testNEW test6 jump test8
^^^^^
Error: invalid verdict chain expression value
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
v2: keep the check for the expression type in place.
@Charles: would you mind to test this one and confirm crash does not happen
anymore?
src/evaluate.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index f95f42e1067a..ed3ca484ad22 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1987,12 +1987,9 @@ static int stmt_evaluate_verdict(struct eval_ctx *ctx,
struct stmt *stmt)
if (stmt->expr->chain != NULL) {
if (expr_evaluate(ctx, &stmt->expr->chain) < 0)
return -1;
- if ((stmt->expr->chain->etype != EXPR_SYMBOL &&
- stmt->expr->chain->etype != EXPR_VALUE) ||
- stmt->expr->chain->symtype != SYMBOL_VALUE) {
- return stmt_error(ctx, stmt,
- "invalid verdict chain
expression %s\n",
- expr_name(stmt->expr->chain));
+ if (stmt->expr->chain->etype != EXPR_VALUE) {
+ return expr_error(ctx->msgs, stmt->expr->chain,
+ "not a value expression");
}
}
break;
--
2.11.0
