From: Pablo Neira Ayuso Date: Mon, 31 Mar 2025 15:55:45 +0000 (+0200) Subject: parser_json: reject empty jump/goto chain X-Git-Tag: v1.0.6.1~69 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=90f7f5065c8f3f7995fe5191e5e59c40f3a19a0e;p=thirdparty%2Fnftables.git parser_json: reject empty jump/goto chain commit 9cce81701a033c4ff5e804fbf7a1149acb9e115a upstream. When parsing a verdict map json where element jumps to chain represented as empty string. internal:0:0-0: Error: Parsing list expression item at index 0 failed. internal:0:0-0: Error: Invalid set elem at index 0. internal:0:0-0: Error: Invalid set elem expression. internal:0:0-0: Error: Parsing command array at index 2 failed. Fixes: 586ad210368b ("libnftables: Implement JSON parser") Signed-off-by: Pablo Neira Ayuso
---
diff --git a/src/parser_json.c b/src/parser_json.c
index eb6537d4..c58a240a 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1298,9 +1298,13 @@ static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
 if (strcmp(type, verdict_tbl[i].name))
 continue;
 
- if (verdict_tbl[i].need_chain &&
- json_unpack_err(ctx, root, "{s:s}", "target", &chain))
- return NULL;
+ if (verdict_tbl[i].need_chain) {
+ if (json_unpack_err(ctx, root, "{s:s}", "target", &chain))
+ return NULL;
+
+ if (!chain || chain[0] == '\0')
+ return NULL;
+ }
 
 return verdict_expr_alloc(int_loc, verdict_tbl[i].verdict,
 json_alloc_chain_expr(chain));
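Review bot: The added empty-target rejection, `if (!chain || chain[0] == '\0') return NULL;`, fails without recording an error of its own, so whoever submitted the ruleset sees only the generic outer messages and nothing that names the empty `target` string. The `json_unpack_err()` branch just above presumably reports its own failure, so the new branch should do the same before returning, for example `json_error(ctx, "Empty chain name in jump/goto verdict.");` followed by `return NULL;` inside braces. This assumes the file's `json_error()` helper is in scope here, which the hunk does not show. A short comment such as `/* an empty chain name is not a valid jump/goto target */` would also record why the `"{s:s}"` unpack alone is not sufficient validation. `json_parse_verdict_expr()` begins and ends outside this hunk, so any existing handling further down could not be checked.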