From cc4fa3ebfd8bbb18e17711f8ec122043340a1680 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Mon, 27 May 2019 13:37:00 +0200
Subject: [PATCH] parser_json: Fix and simplify verdict expression parsing
Parsing of the "target" property was flawed in two ways:
* The value was extracted twice. Drop the first unconditional one.
* Expression allocation required since commit f1e8a129ee428 was broken,
The expression was allocated only if the property was not present.
Fixes: f1e8a129ee428 ("src: Introduce chain_expr in jump and goto statements")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit c34ad1653ff98db5d1ddceab663401055ac7ae4c)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
src/parser_json.c | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
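--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -999,13 +999,22 @@ static struct expr *json_parse_range_expr(struct json_ctx *ctx,
 return range_expr_alloc(int_loc, expr_low, expr_high);
 }
 
+static struct expr *json_alloc_chain_expr(const char *chain)
+{
+ if (!chain)
+ return NULL;
+
+ return constant_expr_alloc(int_loc, &string_type, BYTEORDER_HOST_ENDIAN,
+ NFT_CHAIN_MAXNAMELEN * BITS_PER_BYTE, chain);
+}
+
 static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
 const char *type, json_t *root)
 {
 const struct {
 int verdict;
 const char *name;
- bool chain;
+ bool need_chain;
 } verdict_tbl[] = {
 { NFT_CONTINUE, "continue", false },
 { NFT_JUMP, "jump", true },
@@ -1014,27 +1023,19 @@ static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
 { NF_ACCEPT, "accept", false },
 { NF_DROP, "drop", false },
 };
- struct expr *chain_expr = NULL;
 const char *chain = NULL;
 unsigned int i;
 
- json_unpack(root, "{s:s}", "target", &chain);
- if (!chain)
- chain_expr = constant_expr_alloc(int_loc, &string_type,
- BYTEORDER_HOST_ENDIAN,
- NFT_CHAIN_MAXNAMELEN *
- BITS_PER_BYTE, chain);
-
 for (i = 0; i < array_size(verdict_tbl); i++) {
 if (strcmp(type, verdict_tbl[i].name))
 continue;
 
- if (verdict_tbl[i].chain &&
+ if (verdict_tbl[i].need_chain &&
 json_unpack_err(ctx, root, "{s:s}", "target", &chain))
 return NULL;
 
- return verdict_expr_alloc(int_loc,
- verdict_tbl[i].verdict, chain_expr);
+ return verdict_expr_alloc(int_loc, verdict_tbl[i].verdict,
+ json_alloc_chain_expr(chain));
 }
 json_error(ctx, "Unknown verdict '%s'.", type);
 return NULL;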
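Review bot: The length handed to constant_expr_alloc() in the new json_alloc_chain_expr() is the fixed `NFT_CHAIN_MAXNAMELEN * BITS_PER_BYTE`, while `chain` points at whatever string json_unpack_err() extracted from the "target" property, which will normally be far shorter than that. constant_expr_alloc() is not defined on this page; if it copies len / BITS_PER_BYTE bytes from its data pointer, every ordinary chain name causes a read past the end of the JSON string, and the JSON ruleset is caller-supplied input. Sizing the constant from the string itself, `strlen(chain) * BITS_PER_BYTE`, and rejecting names of NFT_CHAIN_MAXNAMELEN bytes or more through json_error() before allocating would bound both the read and the accepted name length. The same length expression was already in the removed lines, so this commit carries the issue over rather than introducing it. json_parse_verdict_expr() continues past the end of the second hunk, so its closing lines are not visible here.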
--
2.21.0