From: Phil Sutter <phil@nwl.cc>
Date: Wed, 13 Sep 2023 18:53:41 +0000 (+0200)
Subject: parser_json: Wrong check in json_parse_ct_timeout_policy()
X-Git-Tag: v1.0.6.1~340
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7324e3f693e3be93f31ce18d5b0d809abf2a8981;p=thirdparty%2Fnftables.git

parser_json: Wrong check in json_parse_ct_timeout_policy()

commit 1e5ad2eeb38af0af2e06d4cba0ec4d84009855fa upstream.

The conditional around json_unpack() was meant to accept a missing
policy attribute. But the accidentally inverted check made the function
either ignore a given policy or access uninitialized memory.

Fixes: c82a26ebf7e9f ("json: Add ct timeout support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/src/parser_json.c b/src/parser_json.c
index aa15a7fc..efa1205a 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3299,7 +3299,7 @@ static int json_parse_ct_timeout_policy(struct json_ctx *ctx,
 	json_t *tmp, *val;
 	const char *key;
 
-	if (!json_unpack(root, "{s:o}", "policy", &tmp))
+	if (json_unpack(root, "{s:o}", "policy", &tmp))
 		return 0;
 
 	if (!json_is_object(tmp)) {