From: Florian Westphal Date: Mon, 2 Jun 2025 12:22:33 +0000 (+0200) Subject: json: prevent null deref if chain->policy is not set X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=69b90023c7220fe283ee38686c758e3494e853d9;p=thirdparty%2Fnftables.git json: prevent null deref if chain->policy is not set The two commits mentioned below resolved null dererence crashes when the policy resp. priority keyword was missing in the chain/flowtable specification. Same issue exists in the json output path, so apply similar fix there and extend the existing test cases. Fixes: 5b37479b42b3 ("nftables: don't crash in 'list ruleset' if policy is not set") Fixes: b40bebbcee36 ("rule: do not crash if to-be-printed flowtable lacks priority") Signed-off-by: Florian Westphal Acked-by: Phil Sutter --- diff --git a/src/json.c b/src/json.c index cbed9ce9..e64bbf57 100644 --- a/src/json.c +++ b/src/json.c @@ -300,8 +300,14 @@ static json_t *chain_print_json(const struct chain *chain) if (chain->flags & CHAIN_F_BASECHAIN) { mpz_export_data(&priority, chain->priority.expr->value, BYTEORDER_HOST_ENDIAN, sizeof(int)); - mpz_export_data(&policy, chain->policy->value, - BYTEORDER_HOST_ENDIAN, sizeof(int)); + + if (chain->policy) { + mpz_export_data(&policy, chain->policy->value, + BYTEORDER_HOST_ENDIAN, sizeof(int)); + } else { + policy = NF_ACCEPT; + } + tmp = json_pack("{s:s, s:s, s:i, s:s}", "type", chain->type.str, "hook", hooknum2str(chain->handle.family, @@ -476,10 +482,13 @@ static json_t *obj_print_json(const struct obj *obj) static json_t *flowtable_print_json(const struct flowtable *ftable) { json_t *root, *devs = NULL; - int i, priority; + int i, priority = 0; + + if (ftable->priority.expr) { + mpz_export_data(&priority, ftable->priority.expr->value, + BYTEORDER_HOST_ENDIAN, sizeof(int)); + } - mpz_export_data(&priority, ftable->priority.expr->value, - BYTEORDER_HOST_ENDIAN, sizeof(int)); root = json_pack("{s:s, s:s, s:s, s:I, s:s, s:i}", "family", family2str(ftable->handle.family), "name", ftable->handle.flowtable.name, diff --git a/tests/shell/testcases/bogons/nft-j-f/flowtable-no-priority-crash b/tests/shell/testcases/bogons/nft-j-f/flowtable-no-priority-crash new file mode 100644 index 00000000..f348da90 --- /dev/null +++ b/tests/shell/testcases/bogons/nft-j-f/flowtable-no-priority-crash @@ -0,0 +1,6 @@ +table ip filter { + flowtable ft1 { + devices = { lo } + } +} +list ruleset diff --git a/tests/shell/testcases/nft-f/0021list_ruleset_0 b/tests/shell/testcases/nft-f/0021list_ruleset_0 index 37729b4f..f3c3749b 100755 --- a/tests/shell/testcases/nft-f/0021list_ruleset_0 +++ b/tests/shell/testcases/nft-f/0021list_ruleset_0 @@ -12,4 +12,9 @@ RULESET="table filter { list ruleset " -exec $NFT -f - <<< "$RULESET" +$NFT -f - <<< "$RULESET" + +if [ "$NFT_TEST_HAVE_json" != n ]; then + $NFT flush ruleset + $NFT -j -f - <<< "$RULESET" +fi