]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bce1466) | patch
parser_json: reject non-concat expression
authorFlorian Westphal <fw@strlen.de>
Mon, 21 Jul 2025 11:09:55 +0000 (13:09 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 13 Aug 2025 18:54:15 +0000 (20:54 +0200)
commitd0004ba7bf3e3c404a9e4a948d16157e85c9a544
treedcf3408c3ccffc3c82fbea7b0435177cad08d578tree | snapshot
parentbce146622186cd6fc91429541dce5a880008924bcommit | diff
parser_json: reject non-concat expression

commit f4d3e5e2f6595b6628b2aa948ff45ffaec40fb65 upstream.

Before "src: detach set, list and concatenation expression layout":
internal:0:0-0: Error: Concatenation with 0 elements is illegal

After this change, expr->size access triggers assert() failure, add
explicit test for etype to avoid this and error out:

internal:0:0-0: Error: Expected concat element, got symbol.

Fixes: e0d92243be1c ("src: detach set, list and concatenation expression layout")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/parser_json.c diff | blob | blame | history
tests/shell/testcases/bogons/nft-j-f/concat_is_not_concat_assert [new file with mode: 0644] blob
Mirror of git://git.netfilter.org/nftables