From: Sebastian Walz (sivizius) <sebastian.walz@secunet.com>
Date: Mon, 19 Aug 2024 22:09:26 +0000 (+0200)
Subject: parser_json: fix crash in json_parse_set_stmt_list
X-Git-Tag: v1.1.1~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=26d9cbefb10e6bc3765df7e9e7a4fc3b951a80f3;p=thirdparty%2Fnftables.git

parser_json: fix crash in json_parse_set_stmt_list

Due to missing `NULL`-check, there will be a segfault for invalid statements.

Fixes: 07958ec53830 ("json: add set statement list support")
Signed-off-by: Sebastian Walz (sivizius) <sebastian.walz@secunet.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/parser_json.c b/src/parser_json.c
index d18188d8..bbe3b1c5 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2380,7 +2380,7 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
 				     json_t *stmt_json)
 {
 	struct list_head *head;
-	struct stmt *tmp;
+	struct stmt *stmt;
 	json_t *value;
 	size_t index;
 
@@ -2392,9 +2392,14 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
 
 	head = stmt_list;
 	json_array_foreach(stmt_json, index, value) {
-		tmp = json_parse_stmt(ctx, value);
-		list_add(&tmp->list, head);
-		head = &tmp->list;
+		stmt = json_parse_stmt(ctx, value);
+		if (!stmt) {
+			json_error(ctx, "Parsing set statements array at index %zd failed.", index);
+			stmt_list_free(stmt_list);
+			return;
+		}
+		list_add(&stmt->list, head);
+		head = &stmt->list;
 	}
 }