From: Phil Sutter <phil@nwl.cc>
Date: Thu, 11 Apr 2019 10:38:51 +0000 (+0200)
Subject: parser_json: Disallow ct helper as type to map to
X-Git-Tag: v0.9.1~100
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2bb74a7796ea6d7a9df64bb9d3ef57fc31b8d7b7;p=thirdparty%2Fnftables.git

parser_json: Disallow ct helper as type to map to

When creating a map, users may either map dtype:dtype or dtype:object.
In the second case, only counter, quota, limit and secmark is allowed by
bison, but JSON parser wasn't as strict, allowing ct helper as well.
Remove that to avoid undefined behaviour.

Fixes: 586ad210368b7 ("libnftables: Implement JSON parser")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/parser_json.c b/src/parser_json.c
index 19d3ad47..53017935 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2503,7 +2503,6 @@ static int string_to_nft_object(const char *str)
 	const char *obj_tbl[__NFT_OBJECT_MAX] = {
 		[NFT_OBJECT_COUNTER] = "counter",
 		[NFT_OBJECT_QUOTA] = "quota",
-		[NFT_OBJECT_CT_HELPER] = "ct helper",
 		[NFT_OBJECT_LIMIT] = "limit",
 		[NFT_OBJECT_SECMARK] = "secmark",
 	};