parser_json: allow statement stateful statement only in set elements

author Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 1 Apr 2025 07:49:48 +0000 (09:49 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 1 Apr 2025 19:06:17 +0000 (21:06 +0200)
author Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 1 Apr 2025 07:49:48 +0000 (09:49 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 1 Apr 2025 19:06:17 +0000 (21:06 +0200)
diff --git a/src/parser_json.c b/src/parser_json.c

index 053dd81a076f7e26e64e69dbe076bf4dc6f918c1..4c9dc54154453559aaebf7ab53e1a65e3939e046 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2433,6 +2433,11 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
                         stmt_list_free(stmt_list);
                         return;
                 }
+               if (!(stmt->flags & STMT_F_STATEFUL)) {
+                       stmt_free(stmt);
+                       json_error(ctx, "Unsupported set statements array at index %zd failed.", index);
+                       stmt_list_free(stmt_list);
+               }
                 list_add(&stmt->list, head);
                 head = &stmt->list;
         }
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 1 Apr 2025 07:49:48 +0000 (09:49 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 1 Apr 2025 19:06:17 +0000 (21:06 +0200)