From: Pablo Neira Ayuso Date: Thu, 11 Jan 2024 21:04:27 +0000 (+0100) Subject: evaluate: release key expression in error path of implicit map with unknown datatype X-Git-Tag: v1.1.0~125 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4622a8c6372ccf3103e38d1f15227eadb0485f54;p=thirdparty%2Fnftables.git evaluate: release key expression in error path of implicit map with unknown datatype Detected when running: # nft -f tests/shell/testcases/bogons/nft-f/mapping_with_invalid_datatype_crash ==382584==ERROR: LeakSanitizer: detected memory leaks Direct leak of 144 byte(s) in 1 object(s) allocated from: #0 0x7fde06ca9e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 #1 0x7fde062924af in xmalloc src/utils.c:31 #2 0x7fde0629266c in xzalloc src/utils.c:70 #3 0x7fde06167299 in expr_alloc src/expression.c:46 #4 0x7fde0616b014 in constant_expr_alloc src/expression.c:420 #5 0x7fde06128e43 in expr_evaluate_map src/evaluate.c:2027 #6 0x7fde06137b06 in expr_evaluate src/evaluate.c:2891 #7 0x7fde06132417 in expr_evaluate_relational src/evaluate.c:2497 #8 0x7fde06137b36 in expr_evaluate src/evaluate.c:2895 #9 0x7fde06137d5f in stmt_evaluate_expr src/evaluate.c:2914 #10 0x7fde061524c8 in stmt_evaluate src/evaluate.c:4646 #11 0x7fde0615c9ee in rule_evaluate src/evaluate.c:5202 #12 0x7fde061600c7 in cmd_evaluate_add src/evaluate.c:5422 Fixes: 70054e6e1c87 ("evaluate: catch implicit map expressions without known datatype") Signed-off-by: Pablo Neira Ayuso --- diff --git a/src/evaluate.c b/src/evaluate.c index e890585e..6c29579f 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2057,9 +2057,11 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr) ctx->ectx.len, NULL); } - if (!ectx.dtype) + if (!ectx.dtype) { + expr_free(key); return expr_error(ctx->msgs, map, "Implicit map expression without known datatype"); + } if (ectx.dtype->type == TYPE_VERDICT) { data = verdict_expr_alloc(&netlink_location, 0, NULL);