|
 |
bacbc8 |
From cc4fa3ebfd8bbb18e17711f8ec122043340a1680 Mon Sep 17 00:00:00 2001
|
|
|
bacbc8 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
bacbc8 |
Date: Mon, 27 May 2019 13:37:00 +0200
|
|
|
bacbc8 |
Subject: [PATCH] parser_json: Fix and simplify verdict expression parsing
|
|
|
bacbc8 |
|
|
|
bacbc8 |
Parsing of the "target" property was flawed in two ways:
|
|
|
bacbc8 |
|
|
|
bacbc8 |
* The value was extracted twice. Drop the first unconditional one.
|
|
|
bacbc8 |
* Expression allocation required since commit f1e8a129ee428 was broken,
|
|
|
bacbc8 |
The expression was allocated only if the property was not present.
|
|
|
bacbc8 |
|
|
|
bacbc8 |
Fixes: f1e8a129ee428 ("src: Introduce chain_expr in jump and goto statements")
|
|
|
bacbc8 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
bacbc8 |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
bacbc8 |
(cherry picked from commit c34ad1653ff98db5d1ddceab663401055ac7ae4c)
|
|
|
bacbc8 |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
bacbc8 |
---
|
|
|
bacbc8 |
src/parser_json.c | 25 +++++++++++++------------
|
|
|
bacbc8 |
1 file changed, 13 insertions(+), 12 deletions(-)
|
|
|
bacbc8 |
|
|
|
bacbc8 |
diff --git a/src/parser_json.c b/src/parser_json.c
|
|
|
bacbc8 |
index b62c4125a0144..7e4da4838e40b 100644
|
|
|
bacbc8 |
--- a/src/parser_json.c
|
|
|
bacbc8 |
+++ b/src/parser_json.c
|
|
|
bacbc8 |
@@ -999,13 +999,22 @@ static struct expr *json_parse_range_expr(struct json_ctx *ctx,
|
|
|
bacbc8 |
return range_expr_alloc(int_loc, expr_low, expr_high);
|
|
|
bacbc8 |
}
|
|
|
bacbc8 |
|
|
|
bacbc8 |
+static struct expr *json_alloc_chain_expr(const char *chain)
|
|
|
bacbc8 |
+{
|
|
|
bacbc8 |
+ if (!chain)
|
|
|
bacbc8 |
+ return NULL;
|
|
|
bacbc8 |
+
|
|
|
bacbc8 |
+ return constant_expr_alloc(int_loc, &string_type, BYTEORDER_HOST_ENDIAN,
|
|
|
bacbc8 |
+ NFT_CHAIN_MAXNAMELEN * BITS_PER_BYTE, chain);
|
|
|
bacbc8 |
+}
|
|
|
bacbc8 |
+
|
|
|
bacbc8 |
static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
|
|
|
bacbc8 |
const char *type, json_t *root)
|
|
|
bacbc8 |
{
|
|
|
bacbc8 |
const struct {
|
|
|
bacbc8 |
int verdict;
|
|
|
bacbc8 |
const char *name;
|
|
|
bacbc8 |
- bool chain;
|
|
|
bacbc8 |
+ bool need_chain;
|
|
|
bacbc8 |
} verdict_tbl[] = {
|
|
|
bacbc8 |
{ NFT_CONTINUE, "continue", false },
|
|
|
bacbc8 |
{ NFT_JUMP, "jump", true },
|
|
|
bacbc8 |
@@ -1014,27 +1023,19 @@ static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
|
|
|
bacbc8 |
{ NF_ACCEPT, "accept", false },
|
|
|
bacbc8 |
{ NF_DROP, "drop", false },
|
|
|
bacbc8 |
};
|
|
|
bacbc8 |
- struct expr *chain_expr = NULL;
|
|
|
bacbc8 |
const char *chain = NULL;
|
|
|
bacbc8 |
unsigned int i;
|
|
|
bacbc8 |
|
|
|
bacbc8 |
- json_unpack(root, "{s:s}", "target", &chain);
|
|
|
bacbc8 |
- if (!chain)
|
|
|
bacbc8 |
- chain_expr = constant_expr_alloc(int_loc, &string_type,
|
|
|
bacbc8 |
- BYTEORDER_HOST_ENDIAN,
|
|
|
bacbc8 |
- NFT_CHAIN_MAXNAMELEN *
|
|
|
bacbc8 |
- BITS_PER_BYTE, chain);
|
|
|
bacbc8 |
-
|
|
|
bacbc8 |
for (i = 0; i < array_size(verdict_tbl); i++) {
|
|
|
bacbc8 |
if (strcmp(type, verdict_tbl[i].name))
|
|
|
bacbc8 |
continue;
|
|
|
bacbc8 |
|
|
|
bacbc8 |
- if (verdict_tbl[i].chain &&
|
|
|
bacbc8 |
+ if (verdict_tbl[i].need_chain &&
|
|
|
bacbc8 |
json_unpack_err(ctx, root, "{s:s}", "target", &chain))
|
|
|
bacbc8 |
return NULL;
|
|
|
bacbc8 |
|
|
|
bacbc8 |
- return verdict_expr_alloc(int_loc,
|
|
|
bacbc8 |
- verdict_tbl[i].verdict, chain_expr);
|
|
|
bacbc8 |
+ return verdict_expr_alloc(int_loc, verdict_tbl[i].verdict,
|
|
|
bacbc8 |
+ json_alloc_chain_expr(chain));
|
|
|
bacbc8 |
}
|
|
|
bacbc8 |
json_error(ctx, "Unknown verdict '%s'.", type);
|
|
|
bacbc8 |
return NULL;
|
|
|
bacbc8 |
--
|
|
|
bacbc8 |
2.21.0
|
|
|
bacbc8 |
|