diff options
author | Eric Jallot <ejallot@gmail.com> | 2019-09-16 12:24:44 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-09-16 15:53:42 +0200 |
commit | 8f85f5c874dafbc88979199c0181b2642d9fd23a (patch) | |
tree | 37c5be02886a61f7e7a9e72943524addcfc4f395 /src | |
parent | 5b37479b42b338d99d938c56d5d752145b0d9331 (diff) |
src: parser_json: fix crash while restoring secmark object
Before patch:
# nft -j list ruleset | tee rules.json | jq '.'
{
"nftables": [
{
"metainfo": {
"version": "0.9.2",
"release_name": "Scram",
"json_schema_version": 1
}
},
{
"table": {
"family": "inet",
"name": "t",
"handle": 11
}
},
{
"secmark": {
"family": "inet",
"name": "s",
"table": "t",
"handle": 1,
"context": "system_u:object_r:ssh_server_packet_t:s0"
}
}
]
}
# nft flush ruleset
# nft -j -f rules.json
Segmentation fault
Use "&tmp" instead of "tmp" in json_unpack() while translating "context" keyword.
After patch:
# nft -j -f rules.json
# nft list ruleset
table inet t {
secmark s {
"system_u:object_r:ssh_server_packet_t:s0"
}
}
Fixes: 3bc84e5c1fdd1 ("src: add support for setting secmark")
Signed-off-by: Eric Jallot <ejallot@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/parser_json.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/parser_json.c b/src/parser_json.c index 5dd410af..bc29dedf 100644 --- a/src/parser_json.c +++ b/src/parser_json.c @@ -3093,7 +3093,7 @@ static struct cmd *json_parse_cmd_add_object(struct json_ctx *ctx, break; case CMD_OBJ_SECMARK: obj->type = NFT_OBJECT_SECMARK; - if (!json_unpack(root, "{s:s}", "context", tmp)) { + if (!json_unpack(root, "{s:s}", "context", &tmp)) { int ret; ret = snprintf(obj->secmark.ctx, sizeof(obj->secmark.ctx), "%s", tmp); if (ret < 0 || ret >= (int)sizeof(obj->secmark.ctx)) { |