From 2bb74a7796ea6d7a9df64bb9d3ef57fc31b8d7b7 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 11 Apr 2019 12:38:51 +0200
Subject: parser_json: Disallow ct helper as type to map to

When creating a map, users may either map dtype:dtype or dtype:object.
In the second case, only counter, quota, limit and secmark is allowed by
bison, but JSON parser wasn't as strict, allowing ct helper as well.
Remove that to avoid undefined behaviour.

Fixes: 586ad210368b7 ("libnftables: Implement JSON parser")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_json.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/parser_json.c b/src/parser_json.c
index 19d3ad47..53017935 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2503,7 +2503,6 @@ static int string_to_nft_object(const char *str)
 	const char *obj_tbl[__NFT_OBJECT_MAX] = {
 		[NFT_OBJECT_COUNTER] = "counter",
 		[NFT_OBJECT_QUOTA] = "quota",
-		[NFT_OBJECT_CT_HELPER] = "ct helper",
 		[NFT_OBJECT_LIMIT] = "limit",
 		[NFT_OBJECT_SECMARK] = "secmark",
 	};
-- 
cgit v1.2.3