parser_json: allow 0 offsets again
authorFlorian Westphal <fw@strlen.de>
Mon, 26 Feb 2024 09:34:59 +0000 (10:34 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 22 Jan 2025 23:41:55 +0000 (00:41 +0100)
commit e4f59f2dc68fb2e6d62a6c37e04366a8ebd199cf upstream.

It's valid in case of tcp option removal:

[ {
   "reset": {
     "tcp option": {
       "base": 123,
       "len": 0,
       "offset": 0
   }

This makes nft-test.py -j pass again.

Fixes: e08627257ecf ("parser: reject raw payload expressions with 0 length")
Signed-off-by: Florian Westphal <fw@strlen.de>
src/parser_json.c

index 122dfbfe58b72f2fa2caf994869561a5abbbe05c..0cee632077d92922d0cf4ab8531eb62140d0ac44 100644 (file)
@@ -615,7 +615,7 @@ static struct expr *json_parse_tcp_option_expr(struct json_ctx *ctx,
                if (kind < 0 || kind > 255)
                        return NULL;
 
-               if (len <= 0 || len > (int)NFT_MAX_EXPR_LEN_BITS) {
+               if (len < 0 || len > (int)NFT_MAX_EXPR_LEN_BITS) {
                        json_error(ctx, "option length must be between 0 and %lu, got %d",
                                   NFT_MAX_EXPR_LEN_BITS, len);
                        return NULL;
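Review bot: Zero length is now accepted for every raw tcp option expression parsed by json_parse_tcp_option_expr(), not only for the `reset` case the commit message cites, because the relaxed `len < 0` test is unconditional. The commit named in the Fixes: trailer rejected zero-length raw payload expressions on purpose, so it is worth confirming that the non-reset users of this expression still reject or safely handle `len == 0`; that code is not visible in this hunk. A comment above the check would also help keep the exception from being widened by accident, for example `/* len == 0 is accepted for "reset tcp option" (option removal) */`. The function body starts and ends outside the hunk.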