fw4: fix skipping invalid ipset entries

The current code did not account for invalid entires yielding `null` after
subnet parsing, leading to an incorrect warning about multiple entries and
a subsequent `null` access leading to a crash.

Fix the issue by ensuring that the length check expression yields `0` on
invalid inputs.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index b81f9adcb9ecb1e987c36bea398bfcfa105b5346..b725459c77d22d0a4f8ba924661a07c2239ca124 100644 (file)
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -1432,7 +1432,7 @@ return {
                        case 'ipv4_addr':
                                ip = filter(this.parse_subnet(values[i]), a => (a.family == 4));
 
-                               switch (length(ip)) {
+                               switch (length(ip) ?? 0) {
                                case 0: return null;
                                case 1: break;
                                default: this.warn("Set entry '%s' resolves to multiple addresses, using first one", values[i]);