JSON: Fix parsing of meter statement key

The key must be a set elem expression, but if a "regular" expression was
provided (which should be commonly accepted in case no set elem specific
properties are required), the resulting object tree crashed libnftables.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/parser_json.c b/src/parser_json.c
index 432991fa152d40f728f760fcb088183a5c6e4757..864463f4f5a92472737c98cc83c39aacfe635c1e 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1186,7 +1186,7 @@ static struct expr *json_parse_expr(struct json_ctx *ctx, json_t *root)
                { "jump", json_parse_verdict_expr, CTX_F_RHS | CTX_F_SET_RHS },
                { "goto", json_parse_verdict_expr, CTX_F_RHS | CTX_F_SET_RHS },
                { "return", json_parse_verdict_expr, CTX_F_RHS | CTX_F_SET_RHS },
-               { "elem", json_parse_set_elem_expr, CTX_F_RHS | CTX_F_STMT | CTX_F_PRIMARY },
+               { "elem", json_parse_set_elem_expr, CTX_F_RHS | CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SES },
        };
        const char *type;
        unsigned int i;
@@ -1992,7 +1992,7 @@ static struct stmt *json_parse_meter_stmt(struct json_ctx *ctx,
        stmt->meter.name = xstrdup(name);
        stmt->meter.size = size;
 
-       stmt->meter.key = json_parse_expr(ctx, jkey);
+       stmt->meter.key = json_parse_set_elem_expr_stmt(ctx, jkey);
        if (!stmt->meter.key) {
                json_error(ctx, "Invalid meter key.");
                stmt_free(stmt);