parser_json: Catch wrong "reset" payload

commit 22febeea80043f5fe4eb1aa7723da0a0a6953802 upstream.

The statement happily accepted any valid expression as payload and
assumed it to be a tcpopt expression (actually, a special case of
exthdr). Add a check to make sure this is the case.

Standard syntax does not provide this flexibility, so no need to have
the check there as well.

Fixes: 5d837d270d5a8 ("src: add tcp option reset support")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/src/parser_json.c b/src/parser_json.c
index 762e779de4b08f7f805988894560faa0b73b8952..47cc652bf410a77c17e83c94b619e01fa8532d38 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2704,7 +2704,14 @@ static struct stmt *json_parse_optstrip_stmt(struct json_ctx *ctx,
 {
        struct expr *expr = json_parse_expr(ctx, value);
 
-       return expr ? optstrip_stmt_alloc(int_loc, expr) : NULL;
+       if (!expr ||
+           expr->etype != EXPR_EXTHDR ||
+           expr->exthdr.op != NFT_EXTHDR_OP_TCPOPT) {
+               json_error(ctx, "Illegal TCP optstrip argument");
+               return NULL;
+       }
+
+       return optstrip_stmt_alloc(int_loc, expr);
 }
 
 static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root)