fw-addr-lists: check last character of line for JSONHEAD main

This is not a proof, but a line also ending with a curly bracket has higher probability of being valid JSON. Better safe than sorry... We are suffering a CVE in RouterOS: https://www.cve.org/CVERecord?id=CVE-2025-10948
author: Christian Hesse <mail@eworm.de> 2025-10-02 11:51:08 +0200
committer: Christian Hesse <mail@eworm.de> 2025-10-02 11:51:08 +0200
commit: 48d0f1f0b94fe6538bec54559e6e1f1609877039 (patch)
tree: a964726ec9087cfea5b0b6b7909dd31886794b20
parent: a931cb61a033949a9cc6a1b62bc1e267774b04a6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc
index 0c45f7e..d56d40f 100644
--- a/fw-addr-lists.rsc
+++ b/fw-addr-lists.rsc
@@ -103,7 +103,7 @@
       :foreach Line in=[ :deserialize $Data delimiter="\n" from=dsv options=dsv.plain ] do={
         :set Line ($Line->0);
         :local Address;
-        :if ([ :pick $Line 0 1 ] = "{") do={
+        :if ([ :pick $Line 0 1 ] = "{" && [ :pick $Line ([ :len $Line ] - 1) ] = "}") do={
           :do {
             :set Address [ :tostr ([ :deserialize from=json $Line ]->"cidr") ];
           } on-error={ }
author	Christian Hesse <mail@eworm.de>	2025-10-02 11:51:08 +0200
committer	Christian Hesse <mail@eworm.de>	2025-10-02 11:51:08 +0200
commit	48d0f1f0b94fe6538bec54559e6e1f1609877039 (patch)
tree	a964726ec9087cfea5b0b6b7909dd31886794b20
parent	a931cb61a033949a9cc6a1b62bc1e267774b04a6 (diff)