From: Florian Westphal Date: Mon, 21 Jul 2025 11:09:55 +0000 (+0200) Subject: parser_json: reject non-concat expression X-Git-Tag: v1.0.6.1~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d0004ba7bf3e3c404a9e4a948d16157e85c9a544;p=thirdparty%2Fnftables.git parser_json: reject non-concat expression commit f4d3e5e2f6595b6628b2aa948ff45ffaec40fb65 upstream. Before "src: detach set, list and concatenation expression layout": internal:0:0-0: Error: Concatenation with 0 elements is illegal After this change, expr->size access triggers assert() failure, add explicit test for etype to avoid this and error out: internal:0:0-0: Error: Expected concat element, got symbol. Fixes: e0d92243be1c ("src: detach set, list and concatenation expression layout") Signed-off-by: Florian Westphal Reviewed-by: Pablo Neira Ayuso
---
diff --git a/src/parser_json.c b/src/parser_json.c
index b213478e..f49c2619 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1181,10 +1181,18 @@ static struct expr *json_parse_binop_expr(struct json_ctx *ctx,
 static struct expr *json_check_concat_expr(struct json_ctx *ctx, struct expr *e)
 {
+ if (e->etype != EXPR_CONCAT) {
+ json_error(ctx, "Expected concatenation, got %s", expr_name(e));
+ goto err_free;
+ }
+
 if (e->size >= 2)
 return e;
 
- json_error(ctx, "Concatenation with %d elements is illegal", e->size);
+ json_error(ctx, "Concatenation with %d elements is illegal",
+ e->size);
+
+err_free:
 expr_free(e);
 return NULL;
 }
diff --git a/tests/shell/testcases/bogons/nft-j-f/concat_is_not_concat_assert b/tests/shell/testcases/bogons/nft-j-f/concat_is_not_concat_assert
new file mode 100644
index 00000000..bdee0351
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-j-f/concat_is_not_concat_assert
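Review bot: The `e->etype != EXPR_CONCAT` guard added at the top of json_check_concat_expr() is the only thing that keeps the later `e->size` reads from running on a non-concat expression built from caller-supplied JSON, yet the function carries no comment saying the order matters. I would add above the guard `/* e->size is only valid for EXPR_CONCAT; check etype before reading it */` so a later refactor does not reintroduce the assert() failure the description mentions. The string emitted here is `"Expected concatenation, got %s"`, while the description quotes "Expected concat element, got symbol"; aligning the two helps anyone matching the error text in logs or tests. The remaining `json_error()` call prints `e->size` with `%d`; the field's declaration is outside this hunk, so if it is unsigned the specifier should be `%u`.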
@@ -0,0 +1,39 @@
+{
+ "nftables": [
+ {
+ "metainfo": {
+"ver": "ION",
+ "rame": "RAME",
+ "json_schema_version": 1
+ }
+ },
+ {
+ "table": { "family": "ip", "name": "filter",
+ "le": 0
+ }
+ },
+ {
+ "set": {
+ "family": "ip",
+ "name": "test_set",
+ "table": "filter",
+ "type": [
+ "iface_index", "ether_addr", "ipv4_addr"
+ ],
+ "he": 0,
+ "flags": "interval",
+"elem": [
+ {
+ "elem": {
+ "val": {
+ "concat": [
+ "10.1.2.3"
+ ] },
+ "comment": "90"
+}
+ }
+ ]
+ }
+}
+ ]
+}