From: Florian Westphal <fw@strlen.de>
Date: Mon, 26 Feb 2024 09:34:59 +0000 (+0100)
Subject: parser_json: allow 0 offsets again
X-Git-Tag: v1.1.0~95
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e4f59f2dc68fb2e6d62a6c37e04366a8ebd199cf;p=thirdparty%2Fnftables.git

parser_json: allow 0 offsets again

Its valid in case of tcp option removal:

[ {
   "reset": {
     "tcp option": {
       "base": 123,
       "len": 0,
       "offset": 0
   }

This makes nft-test.py -j pass again.

Fixes: e08627257ecf ("parser: reject raw payload expressions with 0 length")
Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/parser_json.c b/src/parser_json.c
index 970ae8cb..ff52423a 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -670,7 +670,7 @@ static struct expr *json_parse_tcp_option_expr(struct json_ctx *ctx,
 		if (kind < 0 || kind > 255)
 			return NULL;
 
-		if (len <= 0 || len > (int)NFT_MAX_EXPR_LEN_BITS) {
+		if (len < 0 || len > (int)NFT_MAX_EXPR_LEN_BITS) {
 			json_error(ctx, "option length must be between 0 and %lu, got %d",
 				   NFT_MAX_EXPR_LEN_BITS, len);
 			return NULL;