From: Florian Westphal
Date: Thu, 16 Oct 2025 14:59:35 +0000 (+0200)
Subject: src: parser_bison: prevent multiple ip daddr/saddr definitions
X-Git-Tag: v1.1.6~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb3e048171fe09c347c43398a779180717818466;p=thirdparty%2Fnftables.git
src: parser_bison: prevent multiple ip daddr/saddr definitions
minor change to the bogon makes it assert because symbolic expression will have wrong refcount (2) at scope teardown.
Signed-off-by: Florian Westphal
Reviewed-by: Fernando Fernandez Mancera
---
diff --git a/src/parser_bison.y b/src/parser_bison.y
index b63c7df1..4e028d31 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -5070,21 +5070,38 @@ tunnel_config : ID NUM
 }
 | IP SADDR symbol_expr close_scope_ip
 {
+ if (already_set($0->tunnel.src, &@3, state)) {
+ expr_free($3);
+ YYERROR;
+ }
+
 $0->tunnel.src = $3;
 datatype_set($3, &ipaddr_type);
 }
 | IP DADDR symbol_expr close_scope_ip
 {
+ if (already_set($0->tunnel.dst, &@3, state)) {
+ expr_free($3);
+ YYERROR;
+ }
 $0->tunnel.dst = $3;
 datatype_set($3, &ipaddr_type);
 }
 | IP6 SADDR symbol_expr close_scope_ip6
 {
+ if (already_set($0->tunnel.src, &@3, state)) {
+ expr_free($3);
+ YYERROR;
+ }
 $0->tunnel.src = $3;
 datatype_set($3, &ip6addr_type);
 }
 | IP6 DADDR symbol_expr close_scope_ip6
 {
+ if (already_set($0->tunnel.dst, &@3, state)) {
+ expr_free($3);
+ YYERROR;
+ }
 $0->tunnel.dst = $3;
 datatype_set($3, &ip6addr_type);
 }
diff --git a/tests/shell/testcases/bogons/nft-f/tunnel_with_anon_set_assert b/tests/shell/testcases/bogons/nft-f/tunnel_with_anon_set_assert
index 6f7b212a..d0256894 100644
--- a/tests/shell/testcases/bogons/nft-f/tunnel_with_anon_set_assert
+++ b/tests/shell/testcases/bogons/nft-f/tunnel_with_anon_set_assert
@@ -3,6 +3,7 @@ define s = { 1.2.3.4, 5.6.7.8 }
 table netdev x {
 tunnel t {
 ip saddr $s
+ ip saddr $s
 }
 }
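Review bot: The `expr_free($3)` ahead of `YYERROR` in the four `IP`/`IP6` `SADDR`/`DADDR` alternatives of `tunnel_config` in src/parser_bison.y carries the ownership rule for the whole fix but is unexplained, so a later refactor could drop it and leak the expression or reintroduce the refcount assert. Bison does not run destructors for the right-hand-side symbols of a rule whose action calls `YYERROR`, so a one-line comment on the first guard, such as `/* YYERROR does not destruct this rule's RHS; release $3 ourselves */`, would record why the free is needed. The guard tests the shared `tunnel.src`/`tunnel.dst` slot, so `ip saddr` followed by `ip6 saddr` is presumably rejected too (the body of `already_set` is not visible here). The bogon only repeats `ip saddr`, so daddr, ip6 and mixed-family inputs would be worth adding to it. The `tunnel_config` rule starts before this hunk and continues past it, so its other alternatives were not checked.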