]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 85952d0) | patch
parser_bison: fix ct scope underflow if ct helper section is duplicated
authorFlorian Westphal <fw@strlen.de>
Tue, 12 Dec 2023 09:22:58 +0000 (10:22 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 22 Jan 2025 23:41:53 +0000 (00:41 +0100)
commit8f33e275ac5e74731b1401c6d8ab7abd82457491
treef3b7504d65f4e70ae350d99fe133926e14559fbetree | snapshot
parent85952d0cbe9afb07923adf44d1e2e4a483f421abcommit | diff
parser_bison: fix ct scope underflow if ct helper section is duplicated

commit 037d58a27d675802286aafb23e409b8c1d3eef56 upstream.

table inet filter {
ct helper sip-5060u {
type "sip" protocol udp
l3proto ip
}5060t {
type "sip" protocol tcp
l3pownerip
}

Will close the 'ct' scope twice, it has to be closed AFTER the separator
has been parsed.

While not strictly needed, also error out if the protocol is already
given, this provides a better error description.

Also make sure we release the string in all error branches.

Signed-off-by: Florian Westphal <fw@strlen.de>
src/parser_bison.y diff | blob | blame | history
tests/shell/testcases/bogons/nft-f/ct_helper_yystate_underflow [new file with mode: 0644] blob
Mirror of git://git.netfilter.org/nftables