From: Jo-Philipp Wich <jo@mein.io>
Date: Mon, 13 Jun 2022 13:21:01 +0000 (+0200)
Subject: fw4: fix skipping invalid IPv6 ipset entries
X-Git-Url: http://git.openwrt.org/%22https:/collectd.org//%22http:/www.crowdsec.net/%22/%22https:/collectd.org/%22http:/www.crowdsec.net/%22?a=commitdiff_plain;h=880dd31353c8db8bad4b193cc4928ba01ff29c78;p=project%2Ffirewall4.git

fw4: fix skipping invalid IPv6 ipset entries

The current code did not account for invalid IPv6 entries yielding `null`
after subnet parsing, leading to an incorrect warning about multiple entries
and a subsequent `null` access leading to a crash.

Fix the issue by ensuring that the length check expression yields `0` on
invalid inputs.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 0200758..d600528 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -1439,7 +1439,7 @@ return {
 			case 'ipv6_addr':
 				ip = filter(this.parse_subnet(values[i]), a => (a.family == 6));
 
-				switch(length(ip)) {
+				switch (length(ip) ?? 0) {
 				case 0: return null;
 				case 1: break;
 				case 2: this.warn("Set entry '%s' resolves to multiple addresses, using first one", values[i]);