parser_json: Catch nonsense ops in match statement
authorPhil Sutter <phil@nwl.cc>
Wed, 13 Sep 2023 20:07:46 +0000 (22:07 +0200)
committerPhil Sutter <phil@nwl.cc>
Fri, 22 Sep 2023 08:55:25 +0000 (10:55 +0200)
Since expr_op_symbols array includes binary operators and more, simply
checking the given string matches any of the elements is not sufficient.

Fixes: 586ad210368b7 ("libnftables: Implement JSON parser")
Signed-off-by: Phil Sutter <phil@nwl.cc>
src/parser_json.c

index eec73034842443ca5c2f2735066666d02b30098a..c4a097972c67b5e7a8624745fc76b6457cea2d8b 100644 (file)
@@ -1725,13 +1725,18 @@ static struct stmt *json_parse_match_stmt(struct json_ctx *ctx,
                    !strcmp(opstr, expr_op_symbols[op]))
                        break;
        }
-       if (op == __OP_MAX) {
+       switch (op) {
+       case OP_EQ ... OP_NEG:
+               break;
+       case __OP_MAX:
                if (!strcmp(opstr, "in")) {
                        op = OP_IMPLICIT;
-               } else {
-                       json_error(ctx, "Unknown relational op '%s'.", opstr);
-                       return NULL;
+                       break;
                }
+               /* fall through */
+       default:
+               json_error(ctx, "Invalid relational op '%s'.", opstr);
+               return NULL;
        }
 
        left = json_parse_expr(ctx, jleft);
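Review bot: The allow-list `case OP_EQ ... OP_NEG:` accepts an operator purely by its position in the ops enum, so it is only correct while every enumerator between those two is a relational op; the enum is not visible in this hunk and nothing here enforces that. If an enumerator is later added or reordered inside that range, an operator string taken from the JSON input would again be accepted as a match op without any diagnostic. I would state the assumption next to the range, e.g. `/* relational ops only: relies on OP_EQ..OP_NEG being contiguous in the ops enum */`, and mention in the same comment that the case range is a GNU C extension rather than ISO C. json_parse_match_stmt starts and ends outside the hunk, so the loop that sets `op` is only partly shown.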