From: Phil Sutter
Date: Wed, 13 Sep 2023 18:32:37 +0000 (+0200)
Subject: parser_json: Catch wrong "reset" payload
X-Git-Tag: v1.0.9~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=22febeea80043f5fe4eb1aa7723da0a0a6953802;p=thirdparty%2Fnftables.git
parser_json: Catch wrong "reset" payload
The statement happily accepted any valid expression as payload and assumed it to be a tcpopt expression (actually, a special case of exthdr). Add a check to make sure this is the case. Standard syntax does not provide this flexibility, so no need to have the check there as well.
Fixes: 5d837d270d5a8 ("src: add tcp option reset support")
Signed-off-by: Phil Sutter
---
diff --git a/src/parser_json.c b/src/parser_json.c
index e8a175de..9532f7be 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2797,7 +2797,14 @@ static struct stmt *json_parse_optstrip_stmt(struct json_ctx *ctx,
 {
 struct expr *expr = json_parse_expr(ctx, value);
- return expr ? optstrip_stmt_alloc(int_loc, expr) : NULL;
+ if (!expr ||
+ expr->etype != EXPR_EXTHDR ||
+ expr->exthdr.op != NFT_EXTHDR_OP_TCPOPT) {
+ json_error(ctx, "Illegal TCP optstrip argument");
+ return NULL;
+ }
+
+ return optstrip_stmt_alloc(int_loc, expr);
 }
 static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root)
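Review bot: The new rejection branch returns NULL without releasing `expr`, so a well-formed JSON expression that is not a tcpopt exthdr now leaks the object `json_parse_expr` returned, whereas before this change every non-NULL expr was handed to `optstrip_stmt_alloc`. Since the JSON input is attacker-controllable in a ruleset-loading context, this is a cheap way to make a long-running `nft -j` consume memory. Release it on the error path, `expr_free(expr);` immediately before `return NULL;` — `expr_free` is the usual nftables destructor and presumably tolerates a NULL argument, but confirm that before relying on it for the `!expr` case (otherwise guard the call). The error text could also state the requirement, e.g. `"optstrip argument must be a tcp option expression"`. The enclosing function's signature begins above the hunk, so its remaining parameters are not visible here.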