aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2025-10-02 11:51:08 +0200
committerGravatar Christian Hesse <mail@eworm.de>2025-10-02 11:51:08 +0200
commit48d0f1f0b94fe6538bec54559e6e1f1609877039 (patch)
treea964726ec9087cfea5b0b6b7909dd31886794b20
parenta931cb61a033949a9cc6a1b62bc1e267774b04a6 (diff)
fw-addr-lists: check last character of line for JSONHEADmain
This is not a proof, but a line also ending with a curly bracket has higher probability of being valid JSON. Better safe than sorry... We are suffering a CVE in RouterOS: https://www.cve.org/CVERecord?id=CVE-2025-10948
-rw-r--r--fw-addr-lists.rsc2
1 files changed, 1 insertions, 1 deletions
diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc
index 0c45f7e..d56d40f 100644
--- a/fw-addr-lists.rsc
+++ b/fw-addr-lists.rsc
@@ -103,7 +103,7 @@
:foreach Line in=[ :deserialize $Data delimiter="\n" from=dsv options=dsv.plain ] do={
:set Line ($Line->0);
:local Address;
- :if ([ :pick $Line 0 1 ] = "{") do={
+ :if ([ :pick $Line 0 1 ] = "{" && [ :pick $Line ([ :len $Line ] - 1) ] = "}") do={
:do {
:set Address [ :tostr ([ :deserialize from=json $Line ]->"cidr") ];
} on-error={ }