[nft PATCH] parser_json: Disallow ct helper as type to map to

[nft PATCH] parser_json: Disallow ct helper as type to map to

[Phil Sutter]

When creating a map, users may either map dtype:dtype or dtype:object.
In the second case, only counter, quota, limit and secmark is allowed by
bison, but JSON parser wasn't as strict, allowing ct helper as well.
Remove that to avoid undefined behaviour.

Fixes: 586ad210368b7 ("libnftables: Implement JSON parser")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/parser_json.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/parser_json.c b/src/parser_json.c
index 19d3ad4728130..53017935eba53 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2503,7 +2503,6 @@ static int string_to_nft_object(const char *str)
 	const char *obj_tbl[__NFT_OBJECT_MAX] = {
 		[NFT_OBJECT_COUNTER] = "counter",
 		[NFT_OBJECT_QUOTA] = "quota",
-		[NFT_OBJECT_CT_HELPER] = "ct helper",
 		[NFT_OBJECT_LIMIT] = "limit",
 		[NFT_OBJECT_SECMARK] = "secmark",
 	};
-- 
2.21.0

Re: [nft PATCH] parser_json: Disallow ct helper as type to map to

[Pablo Neira Ayuso]

On Thu, Apr 11, 2019 at 12:38:51PM +0200, Phil Sutter wrote:
> When creating a map, users may either map dtype:dtype or dtype:object.
> In the second case, only counter, quota, limit and secmark is allowed by
> bison, but JSON parser wasn't as strict, allowing ct helper as well.
> Remove that to avoid undefined behaviour.

Applied, thanks Phil.