author | Phil Sutter <phil@nwl.cc> | 2023-09-20 19:11:45 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-03 12:23:37 +0100 |
commit | 04109b455293d726fb565ac02e083fa41330e672 (patch) | |
tree | 7c76f67912c60765955db994ce7b012959448040 | |
parent | 8db05f2c4f3d71571a8d6fe017699a61fab16331 (diff) |
parser_json: Proper ct expectation attribute parsing
commit 34c1337296807b3a3147c95268f5e4ca70811779 upstream.
Parts of the code were unsafe (parsing 'I' format into uint32_t), the
rest just plain wrong (parsing 'o' format into char *tmp). Introduce a
temporary int variable to parse into.
Fixes: 1dd08fcfa07a4 ("src: add ct expectations support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r-- | src/parser_json.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/parser_json.c b/src/parser_json.c
index f61cc14e..996004ac 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3331,8 +3331,8 @@ static struct cmd *json_parse_cmd_add_object(struct json_ctx *ctx,
 {
 const char *family, *tmp, *rate_unit = "packets", *burst_unit = "bytes";
 uint32_t l3proto = NFPROTO_UNSPEC;
+ int inv = 0, flags = 0, i;
 struct handle h = { 0 };
- int inv = 0, flags = 0;
 struct obj *obj;
 json_t *jflags;
@@ -3483,11 +3483,12 @@ static struct cmd *json_parse_cmd_add_object(struct json_ctx *ctx,
 return NULL;
 }
 }
- if (!json_unpack(root, "{s:o}", "dport", &tmp))
- obj->ct_expect.dport = atoi(tmp);
- json_unpack(root, "{s:I}", "timeout", &obj->ct_expect.timeout);
- if (!json_unpack(root, "{s:o}", "size", &tmp))
- obj->ct_expect.size = atoi(tmp);
+ if (!json_unpack(root, "{s:i}", "dport", &i))
+ obj->ct_expect.dport = i;
+ if (!json_unpack(root, "{s:i}", "timeout", &i))
+ obj->ct_expect.timeout = i;
+ if (!json_unpack(root, "{s:i}", "size", &i))
+ obj->ct_expect.size = i;
 break;
 case CMD_OBJ_LIMIT:
 obj->type = NFT_OBJECT_LIMIT; |
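Review bot: The three new assignments in the second hunk store the parsed `int i` into `obj->ct_expect.dport`, `.timeout` and `.size` with no range check, so a negative or oversized JSON value is silently converted to whatever fits the destination field. The field types are declared outside this diff (the commit message implies `timeout` is a `uint32_t`; `dport` is presumably a 16-bit port), so each value should be bounded before it is stored, for example `if (i < 0 || i > UINT16_MAX)` for the port, rejecting it through the same `return NULL;` error path visible at the top of the hunk. A key of the wrong JSON type also makes `json_unpack()` fail and is then handled exactly like an absent key, which hides malformed input from the caller. The body of json_parse_cmd_add_object starts and ends outside both hunks, so the exact cleanup needed on the error path should be confirmed against the full function.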