]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9fbc77c)
parser_bison: fix UaF when reporting table parse error
authorFlorian Westphal <fw@strlen.de>
Tue, 7 Jan 2025 22:55:06 +0000 (23:55 +0100)
committerFlorian Westphal <fw@strlen.de>
Wed, 8 Jan 2025 11:29:13 +0000 (12:29 +0100)
It passed already-freed memory to erec function.  Found with afl++ and asan.

Fixes: 4955ae1a81b7 ("Add support for table's persist flag")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/parser_bison.y patch | blob | blame | history

diff --git a/src/parser_bison.y b/src/parser_bison.y
index e107ddfd3e4e226b93fac791c5f8c5167f08b24a..31ccc5e23c31e30af68ec8d82ace7dcb985d76b0 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1940,12 +1940,14 @@ table_flags             :       table_flag
 table_flag             :       STRING
                        {
                                $$ = parse_table_flag($1);
-                               free_const($1);
                                if ($$ == 0) {
                                        erec_queue(error(&@1, "unknown table option %s", $1),
                                                   state->msgs);
+                                       free_const($1);
                                        YYERROR;
                                }
+
+                               free_const($1);
                        }
                        ;
 
Mirror of git://git.netfilter.org/nftables