json: fix error propagation when parsing binop lhs/rhs

Malformed input returns NULL when decoding left/right side of binop. This causes a NULL dereference in expr_evaluate_binop; left/right must point to a valid expression. Fix this in the parser, else would have to sprinkle NULL checks all over the evaluation code. After fix, loading the bogon yields: internal:0:0-0: Error: Malformed object (too many properties): '{}'. internal:0:0-0: Error: could not decode binop rhs, '<<'. internal:0:0-0: Error: Invalid mangle statement value internal:0:0-0: Error: Parsing expr array at index 1 failed. internal:0:0-0: Error: Parsing command array at index 3 failed. Fixes: 0ac39384fd9e ("json: Accept more than two operands in binary expressions") Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2025-03-31 14:27:47 +0200
committer: Florian Westphal <fw@strlen.de> 2025-03-31 14:29:37 +0200
commit: 1b6470ab1c4eff46986e65db1b69278f13c26666 (patch)
tree: 85d4d5fee27d0bf7a40c1338ec580814e0be170f /tests/shell
parent: 125aafd175605e1c0912d51314491dec8e807be2 (diff)
1 files changed, 76 insertions, 0 deletions
diff --git a/tests/shell/testcases/bogons/nft-j-f/binop_rhs_decode_error_crash b/tests/shell/testcases/bogons/nft-j-f/binop_rhs_decode_error_crash
new file mode 100644
index 00000000..8b5b7290
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-j-f/binop_rhs_decode_error_crash
@@ -0,0 +1,76 @@
+{
+  "nftables": [
+    {
+      "metainfo": {
+        "version": "VERSION",
+        "release_name": "RELEASE_NAME",
+        "json_schema_version": 1
+      }
+    },
+    {
+      "table": {
+        "family": "ip",
+        "name": "t",
+        "handle": 0
+      }
+    },
+    {
+      "chain": {
+        "family": "ip",
+        "table": "t",
+        "name": "c",
+        "handle": 0,
+        "type": "filter",
+        "hook": "output",
+        "prio": 0,
+        "policy": "accept"
+      }
+    },
+    {
+      "rule": {
+        "family": "ip",
+        "table": "t",
+        "chain": "c",
+        "handle": 0,
+        "expr": [
+          {
+            "match": {
+              "op": "==",
+              "left": {
+                "meta": {
+                  "key": "oif"
+                }
+              },
+              "right": "lo"
+            }
+          },
+          {
+            "mangle": {
+              "key": {
+                "ct": {
+                  "key": "mark"
+                }
+              },
+              "value": {
+                "<<": [
+                  {
+                    "|": [
+                      {
+                        "meta": {
+                          "key": "mark"
+                        }
+                      },
+                      16
+                    ]
+                  },
+                  {  },
+                  8
+                ]
+              }
+            }
+          }
+        ]
+      }
+    }
+  ]
+}
author	Florian Westphal <fw@strlen.de>	2025-03-31 14:27:47 +0200
committer	Florian Westphal <fw@strlen.de>	2025-03-31 14:29:37 +0200
commit	1b6470ab1c4eff46986e65db1b69278f13c26666 (patch)
tree	85d4d5fee27d0bf7a40c1338ec580814e0be170f /tests/shell
parent	125aafd175605e1c0912d51314491dec8e807be2 (diff)