]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3e8bb6f)
parser_json: fix crash in json_parse_set_stmt_list
authorSebastian Walz (sivizius) <sebastian.walz@secunet.com>
Mon, 19 Aug 2024 22:09:26 +0000 (00:09 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 23 Jan 2025 00:35:36 +0000 (01:35 +0100)
commit 26d9cbefb10e6bc3765df7e9e7a4fc3b951a80f3 upstream.

Due to missing `NULL`-check, there will be a segfault for invalid statements.

Fixes: 07958ec53830 ("json: add set statement list support")
Signed-off-by: Sebastian Walz (sivizius) <sebastian.walz@secunet.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/parser_json.c patch | blob | blame | history

diff --git a/src/parser_json.c b/src/parser_json.c
index 80095e5f2c1e7dcaa2a0986c89640a7c1486bfd9..5f66a38b3b81c83b1ceba84a3bfa39174719cba5 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2288,7 +2288,7 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
                                      json_t *stmt_json)
 {
        struct list_head *head;
-       struct stmt *tmp;
+       struct stmt *stmt;
        json_t *value;
        size_t index;
 
@@ -2300,9 +2300,14 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
 
        head = stmt_list;
        json_array_foreach(stmt_json, index, value) {
-               tmp = json_parse_stmt(ctx, value);
-               list_add(&tmp->list, head);
-               head = &tmp->list;
+               stmt = json_parse_stmt(ctx, value);
+               if (!stmt) {
+                       json_error(ctx, "Parsing set statements array at index %zd failed.", index);
+                       stmt_list_free(stmt_list);
+                       return;
+               }
+               list_add(&stmt->list, head);
+               head = &stmt->list;
        }
 }
 
Mirror of git://git.netfilter.org/nftables