From: Florian Westphal <fw@strlen.de>
Date: Wed, 13 Dec 2023 10:18:06 +0000 (+0100)
Subject: parser_bison: fix memory leaks on hookspec error processing
X-Git-Tag: v1.1.0~160
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d755c2a3ae7fe8272321a1d81eafbd90052c4f14;p=thirdparty%2Fnftables.git

parser_bison: fix memory leaks on hookspec error processing

prio_spec may contain an embedded expression, release it.
We also need to release the device expr and the hook string.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/parser_bison.y b/src/parser_bison.y
index c69252fee..571eddf13 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -708,6 +708,8 @@ int nft_lex(void *, void *, void *);
 %type <val>			family_spec family_spec_explicit
 %type <val32>			int_num	chain_policy
 %type <prio_spec>		extended_prio_spec prio_spec
+%destructor { expr_free($$.expr); } extended_prio_spec prio_spec
+
 %type <string>			extended_prio_name quota_unit	basehook_device_name
 %destructor { free_const($$); }	extended_prio_name quota_unit	basehook_device_name
 
@@ -2615,6 +2617,9 @@ hook_spec		:	TYPE		close_scope_type	STRING		HOOK		STRING		dev_spec	prio_spec
 					erec_queue(error(&@3, "unknown chain type"),
 						   state->msgs);
 					free_const($3);
+					free_const($5);
+					expr_free($6);
+					expr_free($7.expr);
 					YYERROR;
 				}
 				$<chain>0->type.loc = @3;
@@ -2628,6 +2633,8 @@ hook_spec		:	TYPE		close_scope_type	STRING		HOOK		STRING		dev_spec	prio_spec
 					erec_queue(error(&@5, "unknown chain hook"),
 						   state->msgs);
 					free_const($5);
+					expr_free($6);
+					expr_free($7.expr);
 					YYERROR;
 				}
 				free_const($5);
diff --git a/tests/shell/testcases/bogons/nft-f/memleak_on_hookspec_error b/tests/shell/testcases/bogons/nft-f/memleak_on_hookspec_error
new file mode 100644
index 000000000..6f52658fb
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/memleak_on_hookspec_error
@@ -0,0 +1,21 @@
+table ip filter {
+	ct expectation ctexpect {
+		protocol tcp
+		size 12
+		l3proto ip
+	} . inet_proto : mark
+		flags interval,timeout
+	}
+
+	chain output {
+		type gilter hook output priori
+
+	chain c {
+		cttable inet filter {
+	map test {
+		type mark . inet_service . inet_proto : mark
+		flags interval,timeout
+	}
+
+	chain output {
+		type gilter hook output priority filuer; policy 
\ No newline at end of file