Re: [PATCH nft] evaluate: tolerate empty concatenation

Hi Florian,

On Mon, Mar 24, 2025 at 12:52:58PM +0100, Florian Westphal wrote:
> Don't rely on a successful evaluation of set->key.
> With this input, set->key fails validation but subsequent
> element evaluation asserts because the context points at
> the set key -- an empty concatenation.
> 
> Causes:
> nft: src/evaluate.c:1681: expr_evaluate_concat: Assertion `!list_empty(&ctx->ectx.key->expressions)' failed.
> 
> After patch:
> internal:0:0-0: Error: unqualified type  specified in set definition. Try "typeof expression" instead of "type datatype".
> internal:0:0-0: Error: Could not parse symbolic invalid expression

Maybe block this from the json parser itself?
diff --git a/src/parser_json.c b/src/parser_json.c
index 17bc38b565ae..8d5aa480ae04 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3395,6 +3395,14 @@ static struct cmd *json_parse_cmd_add_set(struct json_ctx *ctx, json_t *root,
 		return NULL;
 	}
 
+	if (set->key->etype == EXPR_CONCAT &&
+	    list_empty(&set->key->expressions)) {
+		json_error(ctx, "Empty set type.");
+		set_free(set);
+		handle_free(&h);
+		return NULL;
+	}
+
 	if (!json_unpack(root, "{s:o}", "map", &tmp)) {
 		if (json_is_string(tmp)) {
 			const char *s = json_string_value(tmp);
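
Review bot: the added check in json_parse_cmd_add_set() rejects an empty EXPR_CONCAT key only on the JSON add-set path, so the assertion in expr_evaluate_concat() quoted above stays reachable if any other path hands evaluation an empty concatenation as set->key. This early reject is a reasonable addition, but it reads as a complement to the evaluate-side fix rather than a replacement for it. Two smaller points on the same lines: set->key->etype is dereferenced without a NULL test, so it is worth confirming that the error return just above the hunk guarantees a non-NULL key here; and since the "map" branch immediately below parses a second type, it may need the same emptiness check. The message "Empty set type." would also be easier to act on if it named the offending field of the set definition.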
