The bison parser doesn't allow this to happen due to grammar restrictions, but the json input has no such issues. The bogon input assigns 'notrack' which triggers: BUG: unknown stateful statement type 19 nft: src/netlink_linearize.c:1061: netlink_gen_stmt_stateful: Assertion `0' failed. After patch, we get: Error: map statement must be stateful
Fixes: 07958ec53830 ("json: add set statement list support")
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/evaluate.c | 5 ++-
 .../unkown_stateful_statement_type_19_assert | 34 +++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 tests/shell/testcases/bogons/nft-j-f/unkown_stateful_statement_type_19_assert
diff --git a/src/evaluate.c b/src/evaluate.c
index e9ab829b6bbb..f73edc916406 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -5157,8 +5157,11 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
 if (set->timeout)
 set->flags |= NFT_SET_TIMEOUT;
- list_for_each_entry(stmt, &set->stmt_list, list)
+ list_for_each_entry(stmt, &set->stmt_list, list) {
+ if (stmt_evaluate_stateful(ctx, stmt,type) < 0)
+ return -1;
 num_stmts++;
+ }
 if (num_stmts > 1)
 set->flags |= NFT_SET_EXPR;
diff --git a/tests/shell/testcases/bogons/nft-j-f/unkown_stateful_statement_type_19_assert b/tests/shell/testcases/bogons/nft-j-f/unkown_stateful_statement_type_19_assert
new file mode 100644
index 000000000000..e8a0f768d754
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-j-f/unkown_stateful_statement_type_19_assert
@@ -0,0 +1,34 @@
+{
+ "nftables": [
+ {
+ "metainfo": {
+ "version": "VERSION",
+ "release_name": "RELEASE_NAME",
+ "json_schema_version": 1
+ }
+ },
+ {
+ "table": {
+ "family": "ip",
+ "name": "t",
+ "handle": 0
+ }
+ },
+ {
+ "map": {
+ "family": "ip",
+ "name": "m",
+ "table": "t",
+ "type": "ipv4_addr",
+ "handle": 0,
+ "map": "mark",
+ "stmt": [
+ {
+ "notrack": null
+ }
+ ]
+ }
+ }
+ ]
+}
+
-- 
2.49.0
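Review bot: In the src/evaluate.c hunk, the new call inside the `list_for_each_entry` loop is written `stmt_evaluate_stateful(ctx, stmt,type)` with no space after the second comma; `stmt_evaluate_stateful(ctx, stmt, type)` matches the surrounding style. `type` is declared outside this hunk (presumably the "map"/"set" label, given the quoted error text), and the body of set_evaluate starts and ends outside the hunk. Because the failure was an `assert(0)` abort reachable from JSON input alone, a short comment above the check such as `/* JSON input can attach non-stateful statements here; reject them before linearization */` would record why the validation lives in the evaluation step. It is also worth confirming that any other statement lists the JSON parser can populate, which are not visible here, pass through the same check before reaching netlink_gen_stmt_stateful().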