parser_json: fix segfault in translating string to nft object

A segmentation fault is produced when applying an input JSON file
like the following:

{"nftables": [
	{ "add":
		{"map":
			{"family": "ip",
				"name": "persistencia",
				"table": "nftlb",
				"type": "ipv4_addr",
				"map": "mark",
				"size": 65535,
				"flags": ["timeout"],
				"timeout": 44
			}
		}
	}
]}

The captured error is:

 Program received signal SIGSEGV, Segmentation fault.
 #1  0x00007ffff7f734f9 in string_to_nft_object (str=0x55555555f410
  "mark") at parser_json.c:2513
 2513			if (!strcmp(str, obj_tbl[i]))

The obj_tbl array is allocated with the maximum element index even
if lower indexes are not populated, so it produces null pointer
items.

This patch ensures that the maximum number of possible indexes
but also the element is not comparing a null pointer.

Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

1 files changed, 3 insertions, 3 deletions

diff --git a/src/parser_json.c b/src/parser_json.c
index 827604be..19d3ad47 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2500,7 +2500,7 @@ static struct cmd *json_parse_cmd_add_rule(struct json_ctx *ctx, json_t *root,
 
 static int string_to_nft_object(const char *str)
 {
-	const char *obj_tbl[] = {
+	const char *obj_tbl[__NFT_OBJECT_MAX] = {
 		[NFT_OBJECT_COUNTER] = "counter",
 		[NFT_OBJECT_QUOTA] = "quota",
 		[NFT_OBJECT_CT_HELPER] = "ct helper",
@@ -2509,8 +2509,8 @@ static int string_to_nft_object(const char *str)
 	};
 	unsigned int i;
 
-	for (i = 1; i < array_size(obj_tbl); i++) {
-		if (!strcmp(str, obj_tbl[i]))
+	for (i = 0; i < NFT_OBJECT_MAX; i++) {
+		if (obj_tbl[i] && !strcmp(str, obj_tbl[i]))
 			return i;
 	}
 	return 0;