From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 1 Apr 2025 07:49:48 +0000 (+0200)
Subject: parser_json: allow statement stateful statement only in set elements
X-Git-Tag: v1.1.2~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=85b5b051f0e64f106cee078fc6d66d0872770e79;p=thirdparty%2Fnftables.git

parser_json: allow statement stateful statement only in set elements

Upfront reject of non stateful statements in set elements.

Fixes: 07958ec53830 ("json: add set statement list support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/parser_json.c b/src/parser_json.c
index 053dd81a..4c9dc541 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2433,6 +2433,11 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
 			stmt_list_free(stmt_list);
 			return;
 		}
+		if (!(stmt->flags & STMT_F_STATEFUL)) {
+			stmt_free(stmt);
+			json_error(ctx, "Unsupported set statements array at index %zd failed.", index);
+			stmt_list_free(stmt_list);
+		}
 		list_add(&stmt->list, head);
 		head = &stmt->list;
 	}