| Message ID | 20190411103851.27051-1-phil@nwl.cc |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | [nft] parser_json: Disallow ct helper as type to map to | expand |
On Thu, Apr 11, 2019 at 12:38:51PM +0200, Phil Sutter wrote: > When creating a map, users may either map dtype:dtype or dtype:object. > In the second case, only counter, quota, limit and secmark is allowed by > bison, but JSON parser wasn't as strict, allowing ct helper as well. > Remove that to avoid undefined behaviour. Applied, thanks Phil.
diff --git a/src/parser_json.c b/src/parser_json.c index 19d3ad4728130..53017935eba53 100644 --- a/src/parser_json.c +++ b/src/parser_json.c @@ -2503,7 +2503,6 @@ static int string_to_nft_object(const char *str) const char *obj_tbl[__NFT_OBJECT_MAX] = { [NFT_OBJECT_COUNTER] = "counter", [NFT_OBJECT_QUOTA] = "quota", - [NFT_OBJECT_CT_HELPER] = "ct helper", [NFT_OBJECT_LIMIT] = "limit", [NFT_OBJECT_SECMARK] = "secmark", };
When creating a map, users may either map dtype:dtype or dtype:object. In the second case, only counter, quota, limit and secmark is allowed by bison, but JSON parser wasn't as strict, allowing ct helper as well. Remove that to avoid undefined behaviour. Fixes: 586ad210368b7 ("libnftables: Implement JSON parser") Signed-off-by: Phil Sutter <phil@nwl.cc> --- src/parser_json.c | 1 - 1 file changed, 1 deletion(-)