nft should ignore malformed or missing entries of `json_schema_version` but check the value when it is integer.
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1490
Fixes: 49e0f1dc6 ("JSON: Add metainfo object to all output")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
---
 src/parser_json.c | 15 ++++++++-------
 .../testcases/json/0003json_schema_version_0 | 9 +++++++++
 .../testcases/json/0004json_schema_version_1 | 11 +++++++++++
 .../json/dumps/0003json_schema_version_0.nft | 0
 .../json/dumps/0004json_schema_version_1.nft | 0
 5 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100755 tests/shell/testcases/json/0003json_schema_version_0
 create mode 100755 tests/shell/testcases/json/0004json_schema_version_1
 create mode 100644 tests/shell/testcases/json/dumps/0003json_schema_version_0.nft
 create mode 100644 tests/shell/testcases/json/dumps/0004json_schema_version_1.nft
diff --git a/src/parser_json.c b/src/parser_json.c
index fc72c25f..b14f545f 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3859,13 +3859,14 @@ static int json_verify_metainfo(struct json_ctx *ctx, json_t *root)
 {
 int schema_version;
 
- if (!json_unpack(root, "{s:i}", "json_schema_version", &schema_version))
- return 0;
-
- if (schema_version > JSON_SCHEMA_VERSION) {
- json_error(ctx, "Schema version %d not supported, maximum supported version is %d\n",
- schema_version, JSON_SCHEMA_VERSION);
- return 1;
+ if (!json_unpack(root, "{s:i}", "json_schema_version", &schema_version)) {
+ if (schema_version > JSON_SCHEMA_VERSION) {
+ json_error(ctx,
+ "Schema version %d not supported, maximum"
+ " supported version is %d\n",
+ schema_version, JSON_SCHEMA_VERSION);
+ return 1;
+ }
 }
 
 return 0;
diff --git a/tests/shell/testcases/json/0003json_schema_version_0 b/tests/shell/testcases/json/0003json_schema_version_0
new file mode 100755
index 00000000..0ccf94c8
--- /dev/null
+++ b/tests/shell/testcases/json/0003json_schema_version_0
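Review bot: The version is still unpacked with `i` into an `int` in `json_unpack(root, "{s:i}", "json_schema_version", &schema_version)`, so a JSON integer outside the int range is, as far as I can tell from jansson's unpack behaviour, narrowed before the `schema_version > JSON_SCHEMA_VERSION` comparison and could be accepted as a small or negative value. Unpacking with `I` into a `json_int_t` and printing it with `JSON_INTEGER_FORMAT` would compare the value as it appears in the input. The nested `if` also accepts zero and negative versions, and a non-integer value skips the check with no diagnostic; if that is intended, a comment such as `/* missing or non-integer version is ignored on purpose, see bug 1490 */` above the `json_unpack()` call would record it. The function's signature appears only in the hunk header and its closing brace lies outside the hunk.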
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+$NFT flush ruleset
+
+RULESET='{"nftables": [{"metainfo": {"json_schema_version": 1}}]}'
+
+$NFT -j -f - <<< $RULESET
diff --git a/tests/shell/testcases/json/0004json_schema_version_1 b/tests/shell/testcases/json/0004json_schema_version_1
new file mode 100755
index 00000000..bc451ae7
--- /dev/null
+++ b/tests/shell/testcases/json/0004json_schema_version_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT flush ruleset
+
+RULESET='{"nftables": [{"metainfo": {"json_schema_version": 999}}]}'
+
+$NFT -j -f - <<< $RULESET && exit 1
+
+exit 0
diff --git a/tests/shell/testcases/json/dumps/0003json_schema_version_0.nft b/tests/shell/testcases/json/dumps/0003json_schema_version_0.nft
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/shell/testcases/json/dumps/0004json_schema_version_1.nft b/tests/shell/testcases/json/dumps/0004json_schema_version_1.nft
new file mode 100644
index 00000000..e69de29b
-- 
2.30.2
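Review bot: Neither new script exercises the case the commit message is about: 0003json_schema_version_0 feeds a valid integer `1` and 0004json_schema_version_1 feeds `999`, so a missing or non-integer `json_schema_version` is never tested. A third case with a constructed input such as `RULESET='{"nftables": [{"metainfo": {"json_schema_version": "1"}}]}'`, expected to load successfully, would pin the "ignore malformed" behaviour, and one with an empty `metainfo` object would pin the "missing" one. In 0004json_schema_version_1, `$NFT -j -f - <<< $RULESET && exit 1` passes on any nft failure, so the script cannot tell a version rejection from an unrelated error; checking stderr for the "not supported" message would make the test specific.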