[Bug 1490] New: incorrect handling of json_unpack return value in json_verify_metainfo

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Jan 14 19:25:10 CET 2021


https://bugzilla.netfilter.org/show_bug.cgi?id=1490

            Bug ID: 1490
           Summary: incorrect handling of json_unpack return value in
                    json_verify_metainfo
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: niels at qacafe.com

According to the libjansson documentation, json_unpack returns 0 on success
and -1 on failure:
https://jansson.readthedocs.io/en/latest/apiref.html#c.json_unpack

However, json_verify_metainfo in src/parser_json.c calls json_unpack but treats
a non-zero return value as a failure:
https://git.netfilter.org/nftables/tree/src/parser_json.c#n3748

The documentation indicates that the metainfo object can be provided as input in
order to verify that nft supports a given JSON schema version:
https://git.netfilter.org/nftables/tree/doc/libnftables-json.adoc#n66

However, the bug makes it appear that nft supports *any* schema version.  The
only way to make nft reject the schema version is to encode the
"json_schema_version" field as something other than an integer, which causes
json_verify_metainfo to compare the uninitialized local variable schema_version
against JSON_SCHEMA_VERSION, leading to a confusing error message:

# nft -jae '{"nftables": [{"metainfo": {"json_schema_version": 999}}]}'
{"nftables": [{"metainfo": {"json_schema_version": 999}}]}
# echo $?
0

# nft -jae '{"nftables": [{"metainfo": {"json_schema_version": "1"}}]}'
internal:0:0-0: Error: Schema version 31509440 not supported, maximum supported
version is 1
internal:0:0-0: Error: Metainfo verification failed.
# echo $?
1

Please let me know if I can provide any other information.  I'm using nft
v0.9.6, but it looks to me like the bug still exists in master.

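The return-value inversion described in the report, modelled as an added example (not the nftables source and not written by the reporter). It assumes a hypothetical stub, unpack_int, that follows json_unpack's documented 0 / -1 convention; the 'stale' parameter, the struct and the function names are constructed for illustration.

```c
#include <stdio.h>

#define JSON_SCHEMA_VERSION 1 /* maximum supported version, per the error text above */

/* Constructed stand-in for the "json_schema_version" member of metainfo. */
struct field { int is_int; int value; };

/* Hypothetical stub following json_unpack()'s documented convention:
 * 0 on success (*out written), -1 on failure (*out left untouched). */
static int unpack_int(const struct field *f, int *out)
{
	if (f == NULL || !f->is_int)
		return -1;
	*out = f->value;
	return 0;
}

/* Inverted check. 'stale' models the indeterminate value of the
 * uninitialized local so the outcome is reproducible. 0 = accept, 1 = reject. */
static int verify_inverted(const struct field *f, int stale)
{
	int schema_version = stale;

	if (!unpack_int(f, &schema_version)) /* true on SUCCESS: version never compared */
		return 0;
	return schema_version > JSON_SCHEMA_VERSION; /* reached only on failure */
}

/* Corrected check: compare only after a successful unpack. Rejecting a
 * non-integer field is a policy assumed for this example. */
static int verify_fixed(const struct field *f)
{
	int schema_version;

	if (unpack_int(f, &schema_version) != 0)
		return 1;
	return schema_version > JSON_SCHEMA_VERSION;
}

int main(void)
{
	struct field v999 = { 1, 999 }, str1 = { 0, 0 }; /* constructed inputs */

	printf("inverted: 999 -> %d, \"1\" -> %d\n",
	       verify_inverted(&v999, 0), verify_inverted(&str1, 31509440));
	printf("fixed:    999 -> %d, \"1\" -> %d\n",
	       verify_fixed(&v999), verify_fixed(&str1));
	return 0;
}
```

With the inverted test, the verdict for a non-integer field depends entirely on whatever value the local happens to hold, which is why the reported error message names a version the caller never sent.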