From: Jo-Philipp Wich
Date: Fri, 11 Aug 2023 00:11:15 +0000 (+0200)
Subject: fw4: fix another instance of invalid rule jump targets
X-Git-Url: http://git.openwrt.org/feed/packages.git;openwrt-19.07?a=commitdiff_plain;h=20da9933fd7e3d9b03ffe0ed6eeef0137b5cef0f;p=project%2Ffirewall4.git
fw4: fix another instance of invalid rule jump targets
Ensure that action-less rules don't jump anywhere, we still emitted an invalid jump for destination (outbound) rules.
Ref: https://github.com/openwrt/firewall4/issues/5#issuecomment-1673574359
Signed-off-by: Jo-Philipp Wich
---
diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index cba7b02..e0748cc 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -2380,7 +2380,7 @@ return {
 }
 }
- let need_src_action_chain = (rule) => (rule.src?.zone?.log && rule.target && rule.target != "accept");
+ let need_src_action_chain = (rule) => (rule.src?.zone?.log && rule.target != "accept");
 let add_rule = (family, proto, saddrs, daddrs, sports, dports, icmptypes, icmpcodes, ipset, rule) => {
 let r = {
@@ -2478,11 +2478,11 @@ return {
 r.chain = "output";
 }
- if (r.dest && !r.dest.any) {
+ if (r.target && r.dest && !r.dest.any) {
 r.jump_chain = `${r.target}_to_${r.dest.zone.name}`;
 r.dest.zone.dflags[r.target] = true;
 }
- else if (need_src_action_chain(r)) {
+ else if (r.target && need_src_action_chain(r)) {
 r.jump_chain = `${r.target}_from_${r.src.zone.name}`;
 r.src.zone.sflags[r.target] = true;
 }
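Review bot: After the first hunk, `need_src_action_chain` returns true for a rule with no target whenever the source zone has logging enabled, because a missing `rule.target` still satisfies `!= "accept"`; the only remaining protection is the `r.target &&` added at the call site in the second hunk. Any other caller of the helper outside the visible hunks would again build a `${r.target}_from_…` chain name from an empty target, which would presumably leave the generated ruleset unloadable. Keeping the check inside the helper is the safer contract (`rule.src?.zone?.log && rule.target && rule.target != "accept"`); if the removal is intentional, a comment above the helper such as `// callers must check rule.target first; action-less rules must never jump` would record it.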
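Review bot: The two `r.target &&` guards in the second hunk's if/else-if chain carry no explanation, and the chain may continue past the end of the hunk, so a later edit or branch could reintroduce a jump built from an empty target. A comment above the `if` would state the invariant: `// action-less rules must not get a jump_chain; an empty target yields an invalid chain name`. No test is visible in this patch; a rule without a target, once with a destination zone and once with source-zone logging enabled, would be the regression case that covers both branches.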