author | Phil Sutter <phil@nwl.cc> | 2023-09-13 22:07:46 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-03 12:23:37 +0100 |
commit | 5114ab50f786709cb2ac53a6bf006f1c40718526 (patch) | |
tree | 4aa966bbf5230d511bc0b209dca43c8e145fa182 | |
parent | 7324e3f693e3be93f31ce18d5b0d809abf2a8981 (diff) |
parser_json: Catch nonsense ops in match statement
commit 7df0b2f1a1c64e2bdc652fd2418b4f7218c93f1f upstream.
Since expr_op_symbols array includes binary operators and more, simply
checking the given string matches any of the elements is not sufficient.
Fixes: 586ad210368b7 ("libnftables: Implement JSON parser")
Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r-- | src/parser_json.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/parser_json.c b/src/parser_json.c
index efa1205a..c619e92f 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1652,13 +1652,18 @@ static struct stmt *json_parse_match_stmt(struct json_ctx *ctx,
 !strcmp(opstr, expr_op_symbols[op]))
 break;
 }
- if (op == __OP_MAX) {
+ switch (op) {
+ case OP_EQ ... OP_NEG:
+ break;
+ case __OP_MAX:
 if (!strcmp(opstr, "in")) {
 op = OP_IMPLICIT;
- } else {
- json_error(ctx, "Unknown relational op '%s'.", opstr);
- return NULL;
+ break;
 }
+ /* fall through */
+ default:
+ json_error(ctx, "Invalid relational op '%s'.", opstr);
+ return NULL;
 }
 
 left = json_parse_expr(ctx, jleft);
|
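Review bot: The `case OP_EQ ... OP_NEG:` range accepts every enumerator that sits between those two, so the check is only as strict as the enum's declaration order, which this hunk does not show; an operator later inserted inside that span would be accepted from JSON input without anyone touching this switch. I would pin the assumption with a comment on the case, e.g. `/* relational ops only: relies on OP_EQ..OP_NEG being contiguous in the op enum */`, and note there that case ranges are a GNU extension. The diffstat lists only src/parser_json.c, so a JSON test that passes a binary operator symbol as the match op and expects the "Invalid relational op" error would keep this from regressing. json_parse_match_stmt starts before and continues after the hunk, so the loop's start value and the later use of `op` are not visible here.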