diff options
| author | Phil Sutter <phil@nwl.cc> | 2023-09-13 20:32:37 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-03 12:23:37 +0100 |
| commit | ff245dac04efd564d8a610acdabba30a9aa849c5 (patch) | |
| tree | a381d9f8df144da70288b4dfe6ff8e826eaf067e | |
| parent | 2837ca31aff94022d453a2126710edf51d53bad5 (diff) | |
parser_json: Catch wrong "reset" payload
commit 22febeea80043f5fe4eb1aa7723da0a0a6953802 upstream.
The statement happily accepted any valid expression as payload and
assumed it to be a tcpopt expression (actually, a special case of
exthdr). Add a check to make sure this is the case.
Standard syntax does not provide this flexibility, so no need to have
the check there as well.
Fixes: 5d837d270d5a8 ("src: add tcp option reset support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
| -rw-r--r-- | src/parser_json.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/parser_json.c b/src/parser_json.c index 762e779d..47cc652b 100644 --- a/src/parser_json.c +++ b/src/parser_json.c @@ -2704,7 +2704,14 @@ static struct stmt *json_parse_optstrip_stmt(struct json_ctx *ctx, { struct expr *expr = json_parse_expr(ctx, value); - return expr ? optstrip_stmt_alloc(int_loc, expr) : NULL; + if (!expr || + expr->etype != EXPR_EXTHDR || + expr->exthdr.op != NFT_EXTHDR_OP_TCPOPT) { + json_error(ctx, "Illegal TCP optstrip argument"); + return NULL; + } + + return optstrip_stmt_alloc(int_loc, expr); } static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root) |