nftables/backport-parser_json-fix-crash-in-json_parse_set_stmt_list.patch

From 26d9cbefb10e6bc3765df7e9e7a4fc3b951a80f3 Mon Sep 17 00:00:00 2001
From: "Sebastian Walz (sivizius)" <sebastian.walz@secunet.com>
Date: Tue, 20 Aug 2024 00:09:26 +0200
Subject: parser_json: fix crash in json_parse_set_stmt_list

Due to missing `NULL`-check, there will be a segfault for invalid statements.

Fixes: 07958ec53830 ("json: add set statement list support")
Signed-off-by: Sebastian Walz (sivizius) <sebastian.walz@secunet.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Conflict:NA
Reference:https://git.netfilter.org/nftables/commit/?id=26d9cbefb10e6bc3765df7e9e7a4fc3b951a80f3

---
 src/parser_json.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/parser_json.c b/src/parser_json.c
index d18188d8..bbe3b1c5 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2380,7 +2380,7 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
 				     json_t *stmt_json)
 {
 	struct list_head *head;
-	struct stmt *tmp;
+	struct stmt *stmt;
 	json_t *value;
 	size_t index;
 
@@ -2392,9 +2392,14 @@ static void json_parse_set_stmt_list(struct json_ctx *ctx,
 
 	head = stmt_list;
 	json_array_foreach(stmt_json, index, value) {
-		tmp = json_parse_stmt(ctx, value);
-		list_add(&tmp->list, head);
-		head = &tmp->list;
+		stmt = json_parse_stmt(ctx, value);
+		if (!stmt) {
+			json_error(ctx, "Parsing set statements array at index %zd failed.", index);
+			stmt_list_free(stmt_list);
+			return;
+		}
+		list_add(&stmt->list, head);
+		head = &stmt->list;
 	}
 }
 
-- 
cgit v1.2.3