From: Florian Westphal <fw@strlen.de>
Date: Wed, 13 Dec 2023 10:18:06 +0000 (+0100)
Subject: parser_bison: fix memory leaks on hookspec error processing
X-Git-Tag: v1.0.6.1~276
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=efcd5a04ef39227ae72ed20605d69113965fcbc7;p=thirdparty%2Fnftables.git

parser_bison: fix memory leaks on hookspec error processing

commit d755c2a3ae7fe8272321a1d81eafbd90052c4f14 upstream.

prio_spec may contain an embedded expression, release it.
We also need to release the device expr and the hook string.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/parser_bison.y b/src/parser_bison.y
index aa3c3f4c..4832b612 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -693,6 +693,8 @@ int nft_lex(void *, void *, void *);
 %type <val>			family_spec family_spec_explicit
 %type <val32>			int_num	chain_policy
 %type <prio_spec>		extended_prio_spec prio_spec
+%destructor { expr_free($$.expr); } extended_prio_spec prio_spec
+
 %type <string>			extended_prio_name quota_unit	basehook_device_name
 %destructor { xfree($$); }	extended_prio_name quota_unit	basehook_device_name
 
@@ -2462,6 +2464,9 @@ hook_spec		:	TYPE		close_scope_type	STRING		HOOK		STRING		dev_spec	prio_spec
 					erec_queue(error(&@3, "unknown chain type"),
 						   state->msgs);
 					xfree($3);
+					xfree($5);
+					expr_free($6);
+					expr_free($7.expr);
 					YYERROR;
 				}
 				$<chain>0->type.loc = @3;
@@ -2475,6 +2480,8 @@ hook_spec		:	TYPE		close_scope_type	STRING		HOOK		STRING		dev_spec	prio_spec
 					erec_queue(error(&@5, "unknown chain hook"),
 						   state->msgs);
 					xfree($5);
+					expr_free($6);
+					expr_free($7.expr);
 					YYERROR;
 				}
 				xfree($5);
diff --git a/tests/shell/testcases/bogons/nft-f/memleak_on_hookspec_error b/tests/shell/testcases/bogons/nft-f/memleak_on_hookspec_error
new file mode 100644
index 00000000..6f52658f
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/memleak_on_hookspec_error
@@ -0,0 +1,21 @@
+table ip filter {
+	ct expectation ctexpect {
+		protocol tcp
+		size 12
+		l3proto ip
+	} . inet_proto : mark
+		flags interval,timeout
+	}
+
+	chain output {
+		type gilter hook output priori
+
+	chain c {
+		cttable inet filter {
+	map test {
+		type mark . inet_service . inet_proto : mark
+		flags interval,timeout
+	}
+
+	chain output {
+		type gilter hook output priority filuer; policy 
\ No newline at end of file