From: Pablo Neira Ayuso Date: Wed, 23 Jun 2021 11:09:53 +0000 (+0200) Subject: parser_bison: string memleak in YYERROR path X-Git-Tag: v1.0.0~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c69cc1c3cf24d30d92d4bcc9c7eba2d89ebb5766;p=thirdparty%2Fnftables.git parser_bison: string memleak in YYERROR path Release dynamically allocated string by lex from the YYERROR path, e.g. # cat test.nft table x { map test { type ipv4_addr . foo . inet_service : ipv4_addr . inet_service } } # nft -f test.nft test.nft:3:20-22: Error: unknown datatype foo type ipv4_addr . foo . inet_service : ipv4_addr . inet_service ^^^ test.nft:6-9: Error: set definition does not specify key map test { ^^^^ ==29692==ERROR: LeakSanitizer: detected memory leaks Direct leak of 5 byte(s) in 1 object(s) allocated from: #0 0x7f6c869e8810 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a810) #1 0x7f6c8637f63a in xstrdup /home/test/nftables/src/utils.c:85 #2 0x7f6c8648a4d3 in nft_lex /home/test/nftables/src/scanner.l:740 Signed-off-by: Pablo Neira Ayuso --- diff --git a/src/parser_bison.y b/src/parser_bison.y index c31cc4e7..e405c80a 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -972,6 +972,7 @@ common_block : INCLUDE QUOTED_STRING stmt_separator if (symbol_unbind(scope, $2) < 0) { erec_queue(error(&@2, "undefined symbol '%s'", $2), state->msgs); + xfree($2); YYERROR; } xfree($2); @@ -2162,6 +2163,7 @@ data_type_atom_expr : type_identifier if (dtype == NULL) { erec_queue(error(&@1, "unknown datatype %s", $1), state->msgs); + xfree($1); YYERROR; } $$ = constant_expr_alloc(&@1, dtype, dtype->byteorder, @@ -2717,6 +2719,7 @@ comment_spec : COMMENT string erec_queue(error(&@2, "comment too long, %d characters maximum allowed", NFTNL_UDATA_COMMENT_MAXLEN), state->msgs); + xfree($2); YYERROR; } $$ = $2;