All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH nft v2] src: parser_json: fix crash while restoring secmark object
@ 2019-09-16 10:24 Eric Jallot
  0 siblings, 0 replies; only message in thread
From: Eric Jallot @ 2019-09-16 10:24 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Eric Jallot

Before patch:
 # nft -j list ruleset | tee rules.json | jq '.'
 {
   "nftables": [
     {
       "metainfo": {
         "version": "0.9.2",
         "release_name": "Scram",
         "json_schema_version": 1
       }
     },
     {
       "table": {
         "family": "inet",
         "name": "t",
         "handle": 11
       }
     },
     {
       "secmark": {
         "family": "inet",
         "name": "s",
         "table": "t",
         "handle": 1,
         "context": "system_u:object_r:ssh_server_packet_t:s0"
       }
     }
   ]
 }

 # nft flush ruleset
 # nft -j -f rules.json
 Segmentation fault

Use "&tmp" instead of "tmp" in json_unpack() while translating "context" keyword.

After patch:
 # nft -j -f rules.json
 # nft list ruleset
 table inet t {
         secmark s {
                 "system_u:object_r:ssh_server_packet_t:s0"
         }
 }

Fixes: 3bc84e5c1fdd1 ("src: add support for setting secmark")
Signed-off-by: Eric Jallot <ejallot@gmail.com>
---
v1: Initial patch.
v2: Missing table creation. Use 'ruleset' instead of 'secmarks' to dump rules.

 src/parser_json.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/parser_json.c b/src/parser_json.c
index 5dd410af4b07..bc29dedf5b4c 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3093,7 +3093,7 @@ static struct cmd *json_parse_cmd_add_object(struct json_ctx *ctx,
 		break;
 	case CMD_OBJ_SECMARK:
 		obj->type = NFT_OBJECT_SECMARK;
-		if (!json_unpack(root, "{s:s}", "context", tmp)) {
+		if (!json_unpack(root, "{s:s}", "context", &tmp)) {
 			int ret;
 			ret = snprintf(obj->secmark.ctx, sizeof(obj->secmark.ctx), "%s", tmp);
 			if (ret < 0 || ret >= (int)sizeof(obj->secmark.ctx)) {
-- 
2.11.0


^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2019-09-16 10:24 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-16 10:24 [PATCH nft v2] src: parser_json: fix crash while restoring secmark object Eric Jallot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.