parser_bison: fix memory leaks on hookspec error processing

commit d755c2a3ae7fe8272321a1d81eafbd90052c4f14 upstream.

prio_spec may contain an embedded expression, release it.
We also need to release the device expr and the hook string.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/parser_bison.y b/src/parser_bison.y
index aa3c3f4cc1c228ddf82cfd208245726b0943baf3..4832b612a6125d19ead1b912f6f5d177c2b39e68 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -693,6 +693,8 @@ int nft_lex(void *, void *, void *);
 %type <val>                    family_spec family_spec_explicit
 %type <val32>                  int_num chain_policy
 %type <prio_spec>              extended_prio_spec prio_spec
+%destructor { expr_free($$.expr); } extended_prio_spec prio_spec
+
 %type <string>                 extended_prio_name quota_unit   basehook_device_name
 %destructor { xfree($$); }     extended_prio_name quota_unit   basehook_device_name
 
@@ -2462,6 +2464,9 @@ hook_spec         :       TYPE            close_scope_type        STRING          HOOK            STRING          dev_spec        prio_spec
                                        erec_queue(error(&@3, "unknown chain type"),
                                                   state->msgs);
                                        xfree($3);
+                                       xfree($5);
+                                       expr_free($6);
+                                       expr_free($7.expr);
                                        YYERROR;
                                }
                                $<chain>0->type.loc = @3;
@@ -2475,6 +2480,8 @@ hook_spec         :       TYPE            close_scope_type        STRING          HOOK            STRING          dev_spec        prio_spec
                                        erec_queue(error(&@5, "unknown chain hook"),
                                                   state->msgs);
                                        xfree($5);
+                                       expr_free($6);
+                                       expr_free($7.expr);
                                        YYERROR;
                                }
                                xfree($5);

diff --git a/tests/shell/testcases/bogons/nft-f/memleak_on_hookspec_error b/tests/shell/testcases/bogons/nft-f/memleak_on_hookspec_error
new file mode 100644 (file)
index 0000000..6f52658
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/memleak_on_hookspec_error
@@ -0,0 +1,21 @@
+table ip filter {
+       ct expectation ctexpect {
+               protocol tcp
+               size 12
+               l3proto ip
+       } . inet_proto : mark
+               flags interval,timeout
+       }
+
+       chain output {
+               type gilter hook output priori
+
+       chain c {
+               cttable inet filter {
+       map test {
+               type mark . inet_service . inet_proto : mark
+               flags interval,timeout
+       }
+
+       chain output {
+               type gilter hook output priority filuer; policy 
\ No newline at end of file