* [PATCH nft v2] src: parser_json: fix crash while restoring secmark object
@ 2019-09-16 10:24 Eric Jallot
From: Eric Jallot @ 2019-09-16 10:24 UTC (permalink / raw)
To: netfilter-devel; +Cc: Eric Jallot
Before patch:

# nft -j list ruleset | tee rules.json | jq '.'
{
  "nftables": [
    {
      "metainfo": {
        "version": "0.9.2",
        "release_name": "Scram",
        "json_schema_version": 1
      }
    },
    {
      "table": {
        "family": "inet",
        "name": "t",
        "handle": 11
      }
    },
    {
      "secmark": {
        "family": "inet",
        "name": "s",
        "table": "t",
        "handle": 1,
        "context": "system_u:object_r:ssh_server_packet_t:s0"
      }
    }
  ]
}
# nft flush ruleset
# nft -j -f rules.json
Segmentation fault

Use "&tmp" instead of "tmp" in json_unpack() while translating "context" keyword.

After patch:

# nft -j -f rules.json
# nft list ruleset
table inet t {
        secmark s {
                "system_u:object_r:ssh_server_packet_t:s0"
        }
}

Fixes: 3bc84e5c1fdd1 ("src: add support for setting secmark")
Signed-off-by: Eric Jallot <ejallot@gmail.com>
---
v1: Initial patch.
v2: Missing table creation. Use 'ruleset' instead of 'secmarks' to dump rules.
src/parser_json.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parser_json.c b/src/parser_json.c
index 5dd410af4b07..bc29dedf5b4c 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3093,7 +3093,7 @@ static struct cmd *json_parse_cmd_add_object(struct json_ctx *ctx,
break;
case CMD_OBJ_SECMARK:
obj->type = NFT_OBJECT_SECMARK;
- if (!json_unpack(root, "{s:s}", "context", tmp)) {
+ if (!json_unpack(root, "{s:s}", "context", &tmp)) {
int ret;
ret = snprintf(obj->secmark.ctx, sizeof(obj->secmark.ctx), "%s", tmp);
if (ret < 0 || ret >= (int)sizeof(obj->secmark.ctx)) {
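Review bot: The json_unpack() call corrected in the CMD_OBJ_SECMARK case is variadic, so the compiler cannot type-check its arguments and would not flag the missing "&"; the other json_unpack() calls in json_parse_cmd_add_object() that use an "s" conversion deserve the same check before this is closed out. For the record, with the "s" format json_unpack() stores the string pointer through the argument it receives, so passing tmp by value made it write through whatever tmp held, which matches the segfault in the commit message; passing &tmp is the right fix. The pointer it stores is borrowed from root, and the context lines copy it into obj->secmark.ctx immediately with a truncation check on ret, so lifetime and length are handled here. It would also help to add a regression test that restores the rules.json shown in the commit message, so the JSON secmark path stays covered.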
--
2.11.0