commit
f4d3e5e2f6595b6628b2aa948ff45ffaec40fb65 upstream.
Before "src: detach set, list and concatenation expression layout":
internal:0:0-0: Error: Concatenation with 0 elements is illegal
After this change, expr->size access triggers assert() failure, add
explicit test for etype to avoid this and error out:
internal:0:0-0: Error: Expected concat element, got symbol.
Fixes: e0d92243be1c ("src: detach set, list and concatenation expression layout")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
static struct expr *json_check_concat_expr(struct json_ctx *ctx, struct expr *e)
{
+ if (e->etype != EXPR_CONCAT) {
+ json_error(ctx, "Expected concatenation, got %s", expr_name(e));
+ goto err_free;
+ }
+
if (e->size >= 2)
return e;
- json_error(ctx, "Concatenation with %d elements is illegal", e->size);
+ json_error(ctx, "Concatenation with %d elements is illegal",
+ e->size);
+
+err_free:
expr_free(e);
return NULL;
}
--- /dev/null
+{
+ "nftables": [
+ {
+ "metainfo": {
+"ver": "ION",
+ "rame": "RAME",
+ "json_schema_version": 1
+ }
+ },
+ {
+ "table": { "family": "ip", "name": "filter",
+ "le": 0
+ }
+ },
+ {
+ "set": {
+ "family": "ip",
+ "name": "test_set",
+ "table": "filter",
+ "type": [
+ "iface_index", "ether_addr", "ipv4_addr"
+ ],
+ "he": 0,
+ "flags": "interval",
+"elem": [
+ {
+ "elem": {
+ "val": {
+ "concat": [
+ "10.1.2.3"
+ ] },
+ "comment": "90"
+}
+ }
+ ]
+ }
+}
+ ]
+}
projects / thirdparty / nftables.git / commitdiff
