From: Sebastian Walz (sivizius) Date: Mon, 19 Aug 2024 17:58:14 +0000 (+0200) Subject: parser_json: release buffer returned by json_dumps X-Git-Tag: v1.1.1~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=46700fbdbbbaab0d7db716fce3a438334c58ac9e;p=thirdparty%2Fnftables.git parser_json: release buffer returned by json_dumps The signature of `json_dumps` is: `char *json_dumps(const json_t *json, size_t flags)`: It will return a pointer to an owned string, the caller must free it. However, `json_error` just borrows the string to format it as `%s`, but after printing the formatted error message, the pointer to the string is lost and thus never freed. Fixes: 586ad210368b ("libnftables: Implement JSON parser") Signed-off-by: Sebastian Walz (sivizius) Signed-off-by: Pablo Neira Ayuso --- diff --git a/src/parser_json.c b/src/parser_json.c index 4912d360..fc20fe29 100644 --- a/src/parser_json.c +++ b/src/parser_json.c @@ -181,8 +181,11 @@ static int json_unpack_stmt(struct json_ctx *ctx, json_t *root, assert(value); if (json_object_size(root) != 1) { + const char *dump = json_dumps(root, 0); + json_error(ctx, "Malformed object (too many properties): '%s'.", - json_dumps(root, 0)); + dump); + free_const(dump); return 1; } @@ -3378,8 +3381,10 @@ static struct cmd *json_parse_cmd_add_set(struct json_ctx *ctx, json_t *root, } else if ((set->data = json_parse_dtype_expr(ctx, tmp))) { set->flags |= NFT_SET_MAP; } else { - json_error(ctx, "Invalid map type '%s'.", - json_dumps(tmp, 0)); + const char *dump = json_dumps(tmp, 0); + + json_error(ctx, "Invalid map type '%s'.", dump); + free_const(dump); set_free(set); handle_free(&h); return NULL;