From 3ba0e5af6b5da9dfff5273bc1f0f15a60a9fe33b Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Tue, 7 Jan 2025 23:55:06 +0100
Subject: [PATCH] parser_bison: fix UaF when reporting table parse error

It passed already-freed memory to erec function.  Found with afl++ and asan.

Fixes: 4955ae1a81b7 ("Add support for table's persist flag")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_bison.y | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/parser_bison.y b/src/parser_bison.y
index e107ddfd..31ccc5e2 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1940,12 +1940,14 @@ table_flags		:	table_flag
 table_flag		:	STRING
 			{
 				$$ = parse_table_flag($1);
-				free_const($1);
 				if ($$ == 0) {
 					erec_queue(error(&@1, "unknown table option %s", $1),
 						   state->msgs);
+					free_const($1);
 					YYERROR;
 				}
+
+				free_const($1);
 			}
 			;
 
-- 
2.47.3