Before patch: # nft -j list secmarks | tee rules.json | jq '.' { "nftables": [ { "metainfo": { "version": "0.9.2", "release_name": "Scram", "json_schema_version": 1 } }, { "secmark": { "family": "inet", "name": "s", "table": "t", "handle": 1, "context": "system_u:object_r:ssh_server_packet_t:s0" } } ] } # nft flush ruleset # nft -j -f rules.json Segmentation fault Use "&tmp" instead of "tmp" in json_unpack() while translating "context" keyword. After patch: # nft -j -f rules.json # nft list secmarks table inet t { secmark s { "system_u:object_r:ssh_server_packet_t:s0" } } Fixes: 3bc84e5c1fdd1 ("src: add support for setting secmark") Signed-off-by: Eric Jallot <ejallot@xxxxxxxxx> --- src/parser_json.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/parser_json.c b/src/parser_json.c index 5dd410af4b07..bc29dedf5b4c 100644 --- a/src/parser_json.c +++ b/src/parser_json.c @@ -3093,7 +3093,7 @@ static struct cmd *json_parse_cmd_add_object(struct json_ctx *ctx, break; case CMD_OBJ_SECMARK: obj->type = NFT_OBJECT_SECMARK; - if (!json_unpack(root, "{s:s}", "context", tmp)) { + if (!json_unpack(root, "{s:s}", "context", &tmp)) { int ret; ret = snprintf(obj->secmark.ctx, sizeof(obj->secmark.ctx), "%s", tmp); if (ret < 0 || ret >= (int)sizeof(obj->secmark.ctx)) { -- 2.11.0