diff mbox series

[nft] src: parser_json: fix crash while restoring secmark object

Message ID 20190916092943.35543-1-ejallot@gmail.com
State Superseded
Headers show
Series [nft] src: parser_json: fix crash while restoring secmark object | expand

Commit Message

Eric Jallot Sept. 16, 2019, 9:29 a.m. UTC 
Before patch:
 # nft -j list secmarks | tee rules.json | jq '.'
 {
   "nftables": [
     {
       "metainfo": {
         "version": "0.9.2",
         "release_name": "Scram",
         "json_schema_version": 1
       }
     },
     {
       "secmark": {
         "family": "inet",
         "name": "s",
         "table": "t",
         "handle": 1,
         "context": "system_u:object_r:ssh_server_packet_t:s0"
       }
     }
   ]
 }

 # nft flush ruleset
 # nft -j -f rules.json
 Segmentation fault

Use "&tmp" instead of "tmp" in json_unpack() while translating "context" keyword.

After patch:
 # nft -j -f rules.json
 # nft list secmarks
 table inet t {
         secmark s {
                 "system_u:object_r:ssh_server_packet_t:s0"
         }
 }

Fixes: 3bc84e5c1fdd1 ("src: add support for setting secmark")
Signed-off-by: Eric Jallot <ejallot@gmail.com>
---
 src/parser_json.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Florian Westphal Sept. 16, 2019, 2:11 p.m. UTC | #1 
Eric Jallot <ejallot@gmail.com> wrote:
> Before patch:
>  # nft -j list secmarks | tee rules.json | jq '.'
>  {

Applied, thanks.
diff mbox series

Patch

diff --git a/src/parser_json.c b/src/parser_json.c
index 5dd410af4b07..bc29dedf5b4c 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3093,7 +3093,7 @@  static struct cmd *json_parse_cmd_add_object(struct json_ctx *ctx,
 		break;
 	case CMD_OBJ_SECMARK:
 		obj->type = NFT_OBJECT_SECMARK;
-		if (!json_unpack(root, "{s:s}", "context", tmp)) {
+		if (!json_unpack(root, "{s:s}", "context", &tmp)) {
 			int ret;
 			ret = snprintf(obj->secmark.ctx, sizeof(obj->secmark.ctx), "%s", tmp);
 			if (ret < 0 || ret >= (int)sizeof(obj->secmark.ctx)) {