fw4: fix skipping invalid ipset entries

The current code did not account for invalid entires yielding `null` after subnet parsing, leading to an incorrect warning about multiple entries and a subsequent `null` access leading to a crash. Fix the issue by ensuring that the length check expression yields `0` on invalid inputs. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich 2022-04-21 19:10:26 +0000
committer: Jo-Philipp Wich 2022-04-21 19:11:59 +0000
commit: 9bce87374e7ecee5ab29bb210df6691f1b701229 (patch)
tree: 3222fdc84e945390ea1eec79e9d02772509f1bd9
parent: 425ea8a736ac81948bad7e201f4817848cb1813c (diff)
download: firewall4-9bce87374e7ecee5ab29bb210df6691f1b701229.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index b81f9ad..b725459 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -1432,7 +1432,7 @@ return {
 			case 'ipv4_addr':
 				ip = filter(this.parse_subnet(values[i]), a => (a.family == 4));
 
-				switch (length(ip)) {
+				switch (length(ip) ?? 0) {
 				case 0: return null;
 				case 1: break;
 				default: this.warn("Set entry '%s' resolves to multiple addresses, using first one", values[i]);
author	Jo-Philipp Wich	2022-04-21 19:10:26 +0000
committer	Jo-Philipp Wich	2022-04-21 19:11:59 +0000
commit	9bce87374e7ecee5ab29bb210df6691f1b701229 (patch)
tree	3222fdc84e945390ea1eec79e9d02772509f1bd9
parent	425ea8a736ac81948bad7e201f4817848cb1813c (diff)
download	firewall4-9bce87374e7ecee5ab29bb210df6691f1b701229.tar.gz