diff options
author | Thomas Haller <thaller@redhat.com> | 2023-11-14 16:29:25 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-21 15:55:56 +0100 |
commit | 8cdc78eba7792fc6b228d89198b38730a077259a (patch) | |
tree | 1b65b2ae609fbe8542f329b8503b8b03ac1c6240 | |
parent | 5b7747c3fe4ec0ab326a26ff4b171fdc1cd566b8 (diff) |
json: fix use after free in table_flags_json()
commit b04512cf30de1ba6657facba5ebe2321e17c2727 upstream.
Add `$NFT -j list ruleset` to the end of "tests/shell/testcases/transactions/table_onoff".
Then valgrind will find this issue:
$ make -j && ./tests/shell/run-tests.sh tests/shell/testcases/transactions/table_onoff -V
Gives:
==286== Invalid read of size 4
==286== at 0x49B0261: do_dump (dump.c:211)
==286== by 0x49B08B8: do_dump (dump.c:378)
==286== by 0x49B08B8: do_dump (dump.c:378)
==286== by 0x49B04F7: do_dump (dump.c:273)
==286== by 0x49B08B8: do_dump (dump.c:378)
==286== by 0x49B0E84: json_dump_callback (dump.c:465)
==286== by 0x48AF22A: do_command_list_json (json.c:2016)
==286== by 0x48732F1: do_command_list (rule.c:2335)
==286== by 0x48737F5: do_command (rule.c:2605)
==286== by 0x48A867D: nft_netlink (libnftables.c:42)
==286== by 0x48A92B1: nft_run_cmd_from_buffer (libnftables.c:597)
==286== by 0x402CBA: main (main.c:533)
Fixes: e70354f53e9f ("libnftables: Implement JSON output support")
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/json.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -483,7 +483,7 @@ static json_t *table_flags_json(const struct table *table) json_decref(root); return NULL; case 1: - json_unpack(root, "[o]", &tmp); + json_unpack(root, "[O]", &tmp); json_decref(root); root = tmp; break; |