JSON: Review set elem expressions

* There is no need to prefix element-specific properties with 'elem_',
  they can't conflict.
* In json_parse_set_stmt(), searching for above properties is pointless
  since that's already done by called function.
* Fix potential NULL-pointer deref in json_parse_set_elem_expr_stmt():
  json_parse_flagged_expr() may return NULL.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/json.c b/src/json.c
index e31e31327866f0e70097029d52af8cdd82f04f56..83366df89804c2498bc6364a575080f5b3194ec3 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -508,13 +508,13 @@ json_t *set_elem_expr_json(const struct expr *expr, struct output_ctx *octx)
                root = json_pack("{s:o}", "val", root);
 
                if (expr->timeout)
-                       json_object_set_new(root, "elem_timeout",
+                       json_object_set_new(root, "timeout",
                                            json_integer(expr->timeout / 1000));
                if (expr->expiration)
-                       json_object_set_new(root, "elem_expires",
+                       json_object_set_new(root, "expires",
                                            json_integer(expr->expiration / 1000));
                if (expr->comment)
-                       json_object_set_new(root, "elem_comment",
+                       json_object_set_new(root, "comment",
                                            json_string(expr->comment));
                return json_pack("{s:o}", "elem", root);
        }

diff --git a/src/parser_json.c b/src/parser_json.c
index afcd10a34d718f03ef0b7e12d404a5d138f154e6..fd60c59c396270058281a0b994aec43bfdec4a10 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1140,11 +1140,11 @@ static struct expr *json_parse_set_elem_expr(struct json_ctx *ctx,
 
        expr = set_elem_expr_alloc(int_loc, expr);
 
-       if (!json_unpack(root, "{s:i}", "elem_timeout", &i))
+       if (!json_unpack(root, "{s:i}", "timeout", &i))
                expr->timeout = i * 1000;
-       if (!json_unpack(root, "{s:i}", "elem_expires", &i))
+       if (!json_unpack(root, "{s:i}", "expires", &i))
                expr->expiration = i * 1000;
-       if (!json_unpack(root, "{s:s}", "elem_comment", &expr->comment))
+       if (!json_unpack(root, "{s:s}", "comment", &expr->comment))
                expr->comment = xstrdup(expr->comment);
 
        return expr;
@@ -1298,7 +1298,7 @@ static struct expr *json_parse_set_elem_expr_stmt(struct json_ctx *ctx, json_t *
 {
        struct expr *expr = json_parse_flagged_expr(ctx, CTX_F_SES, root);
 
-       if (expr->ops->type != EXPR_SET_ELEM)
+       if (expr && expr->ops->type != EXPR_SET_ELEM)
                expr = set_elem_expr_alloc(int_loc, expr);
 
        return expr;
@@ -1820,7 +1820,6 @@ static struct stmt *json_parse_set_stmt(struct json_ctx *ctx,
        struct expr *expr, *expr2;
        struct stmt *stmt;
        json_t *elem;
-       uint64_t tmp;
        int op;
 
        if (json_unpack_err(ctx, value, "{s:s, s:o, s:s}",
@@ -1842,12 +1841,6 @@ static struct stmt *json_parse_set_stmt(struct json_ctx *ctx,
                return NULL;
        }
 
-       if (!json_unpack(elem, "{s:I}", "elem_timeout", &tmp))
-               expr->timeout = tmp * 1000;
-       if (!json_unpack(elem, "{s:I}", "elem_expires", &tmp))
-               expr->expiration = tmp * 1000;
-       json_unpack(elem, "{s:s}", "elem_comment", &expr->comment);
-
        if (set[0] != '@') {
                json_error(ctx, "Illegal set reference in set statement.");
                expr_free(expr);

diff --git a/tests/py/ip/flowtable.t.json b/tests/py/ip/flowtable.t.json
index ca4b5f61972e455468d61cfd8e0436aba1ae8f2b..5e11172e772263ea18c396bbab2cb4c443dbba88 100644 (file)
--- a/tests/py/ip/flowtable.t.json
+++ b/tests/py/ip/flowtable.t.json
@@ -4,7 +4,7 @@
         "meter": {
             "key": {
                 "elem": {
-                    "elem_timeout": 30,
+                    "timeout": 30,
                     "val": {
                         "payload": {
                             "field": "saddr",

diff --git a/tests/py/ip/flowtable.t.json.output b/tests/py/ip/flowtable.t.json.output
new file mode 100644 (file)
index 0000000..004349a
--- /dev/null
+++ b/tests/py/ip/flowtable.t.json.output
@@ -0,0 +1,24 @@
+# meter xyz { ip saddr timeout 30s counter}
+[
+    {
+        "meter": {
+            "key": {
+                "elem": {
+                    "timeout": 30,
+                    "val": {
+                        "payload": {
+                            "field": "saddr",
+                            "name": "ip"
+                        }
+                    }
+                }
+            },
+            "name": "xyz",
+           "size": 65535,
+            "stmt": {
+                "counter": null
+            }
+        }
+    }
+]
+

diff --git a/tests/py/ip6/flowtable.t.json b/tests/py/ip6/flowtable.t.json
index e3d05339b5554b33e7002a8334ddd71b1278d57f..863669eb3b9f7a2b7a6ed16b52707f96ce54ced6 100644 (file)
--- a/tests/py/ip6/flowtable.t.json
+++ b/tests/py/ip6/flowtable.t.json
@@ -4,7 +4,7 @@
         "meter": {
             "key": {
                 "elem": {
-                    "elem_timeout": 600,
+                    "timeout": 600,
                     "val": {
                         "concat": [
                             {
@@ -34,7 +34,7 @@
         "meter": {
             "key": {
                 "elem": {
-                    "elem_timeout": 600,
+                    "timeout": 600,
                     "val": {
                         "concat": [
                             {