parser_json: reject empty jump/goto chain

commit 9cce81701a033c4ff5e804fbf7a1149acb9e115a upstream.

When parsing a verdict map json where element jumps to chain represented
as empty string.

internal:0:0-0: Error: Parsing list expression item at index 0 failed.
internal:0:0-0: Error: Invalid set elem at index 0.
internal:0:0-0: Error: Invalid set elem expression.
internal:0:0-0: Error: Parsing command array at index 2 failed.

Fixes: 586ad210368b ("libnftables: Implement JSON parser")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/parser_json.c b/src/parser_json.c
index eb6537d4e23d02fa38959312566712ec48de655c..c58a240a29df5922433c0f1dce4c7e55ace21fbd 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1298,9 +1298,13 @@ static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
                if (strcmp(type, verdict_tbl[i].name))
                        continue;
 
-               if (verdict_tbl[i].need_chain &&
-                   json_unpack_err(ctx, root, "{s:s}", "target", &chain))
-                       return NULL;
+               if (verdict_tbl[i].need_chain) {
+                       if (json_unpack_err(ctx, root, "{s:s}", "target", &chain))
+                               return NULL;
+
+                       if (!chain || chain[0] == '\0')
+                               return NULL;
+               }
 
                return verdict_expr_alloc(int_loc, verdict_tbl[i].verdict,
                                          json_alloc_chain_expr(chain));