[PATCH nft 1/2] parser_json: allow statement stateful statement only in set elements

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nft 1/2] parser_json: allow statement stateful statement only in set elements
@ 2025-04-01 14:36 Pablo Neira Ayuso
  2025-04-01 14:36 ` [PATCH nft 2/2] parser_json: bail out on malformed statement in set Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2025-04-01 14:36 UTC (permalink / raw)
  To: netfilter-devel

Upfront reject of non stateful statements in set elements.

Fixes: 07958ec53830 ("json: add set statement list support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_json.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/parser_json.c b/src/parser_json.c
index 053dd81a076f..4c9dc5415445 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2433,6 +2433,11 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
 			stmt_list_free(stmt_list);
 			return;
 		}
+		if (!(stmt->flags & STMT_F_STATEFUL)) {
+			stmt_free(stmt);
+			json_error(ctx, "Unsupported set statements array at index %zd failed.", index);
+			stmt_list_free(stmt_list);
+		}
 		list_add(&stmt->list, head);
 		head = &stmt->list;
 	}
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [PATCH nft 2/2] parser_json: bail out on malformed statement in set
  2025-04-01 14:36 [PATCH nft 1/2] parser_json: allow statement stateful statement only in set elements Pablo Neira Ayuso
@ 2025-04-01 14:36 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2025-04-01 14:36 UTC (permalink / raw)
  To: netfilter-devel

Propagate error to caller so it bails out on malformed set statements.

Fixes: 07958ec53830 ("json: add set statement list support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_json.c | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/src/parser_json.c b/src/parser_json.c
index 4c9dc5415445..94d09212314f 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2410,9 +2410,9 @@ static struct stmt *json_parse_reject_stmt(struct json_ctx *ctx,
 	return stmt;
 }
 
-static void json_parse_set_stmt_list(struct json_ctx *ctx,
-				     struct list_head *stmt_list,
-				     json_t *stmt_json)
+static int json_parse_set_stmt_list(struct json_ctx *ctx,
+				    struct list_head *stmt_list,
+				    json_t *stmt_json)
 {
 	struct list_head *head;
 	struct stmt *stmt;
@@ -2420,10 +2420,12 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
 	size_t index;
 
 	if (!stmt_json)
-		return;
+		return 0;
 
-	if (!json_is_array(stmt_json))
+	if (!json_is_array(stmt_json)) {
 		json_error(ctx, "Unexpected object type in stmt");
+		return -1;
+	}
 
 	head = stmt_list;
 	json_array_foreach(stmt_json, index, value) {
@@ -2431,16 +2433,19 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
 		if (!stmt) {
 			json_error(ctx, "Parsing set statements array at index %zd failed.", index);
 			stmt_list_free(stmt_list);
-			return;
+			return -1;
 		}
 		if (!(stmt->flags & STMT_F_STATEFUL)) {
 			stmt_free(stmt);
 			json_error(ctx, "Unsupported set statements array at index %zd failed.", index);
 			stmt_list_free(stmt_list);
+			return -1;
 		}
 		list_add(&stmt->list, head);
 		head = &stmt->list;
 	}
+
+	return 0;
 }
 
 static struct stmt *json_parse_set_stmt(struct json_ctx *ctx,
@@ -2485,8 +2490,11 @@ static struct stmt *json_parse_set_stmt(struct json_ctx *ctx,
 	stmt->set.key = expr;
 	stmt->set.set = expr2;
 
-	if (!json_unpack(value, "{s:o}", "stmt", &stmt_json))
-		json_parse_set_stmt_list(ctx, &stmt->set.stmt_list, stmt_json);
+	if (!json_unpack(value, "{s:o}", "stmt", &stmt_json) &&
+	    json_parse_set_stmt_list(ctx, &stmt->set.stmt_list, stmt_json) < 0) {
+		stmt_free(stmt);
+		return NULL;
+	}
 
 	return stmt;
 }
@@ -2542,8 +2550,11 @@ static struct stmt *json_parse_map_stmt(struct json_ctx *ctx,
 	stmt->map.data = expr_data;
 	stmt->map.set = expr2;
 
-	if (!json_unpack(value, "{s:o}", "stmt", &stmt_json))
-		json_parse_set_stmt_list(ctx, &stmt->set.stmt_list, stmt_json);
+	if (!json_unpack(value, "{s:o}", "stmt", &stmt_json) &&
+	    json_parse_set_stmt_list(ctx, &stmt->set.stmt_list, stmt_json) < 0) {
+		stmt_free(stmt);
+		return NULL;
+	}
 
 	return stmt;
 }
@@ -3490,8 +3501,12 @@ static struct cmd *json_parse_cmd_add_set(struct json_ctx *ctx, json_t *root,
 	json_unpack(root, "{s:i}", "size", &set->desc.size);
 	json_unpack(root, "{s:b}", "auto-merge", &set->automerge);
 
-	if (!json_unpack(root, "{s:o}", "stmt", &stmt_json))
-		json_parse_set_stmt_list(ctx, &set->stmt_list, stmt_json);
+	if (!json_unpack(root, "{s:o}", "stmt", &stmt_json) &&
+	    json_parse_set_stmt_list(ctx, &set->stmt_list, stmt_json) < 0) {
+		set_free(set);
+		handle_free(&h);
+		return NULL;
+	}
 
 	handle_merge(&set->handle, &h);
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-04-01 14:36 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-01 14:36 [PATCH nft 1/2] parser_json: allow statement stateful statement only in set elements Pablo Neira Ayuso
2025-04-01 14:36 ` [PATCH nft 2/2] parser_json: bail out on malformed statement in set Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).