src: parser_bison: prevent multiple ip daddr/saddr definitions

minor change to the bogon makes it assert because symbolic expression
will have wrong refcount (2) at scope teardown.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Fernando Fernandez Mancera <fmancera@suse.de>

diff --git a/src/parser_bison.y b/src/parser_bison.y
index b63c7df18a35e408e4260c5ccce02ff9693d3658..4e028d31c165fbb9f0743d15ac318e9f4996a6c5 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -5070,21 +5070,38 @@ tunnel_config           :       ID      NUM
                        }
                        |       IP      SADDR   symbol_expr     close_scope_ip
                        {
+                               if (already_set($<obj>0->tunnel.src, &@3, state)) {
+                                       expr_free($3);
+                                       YYERROR;
+                               }
+
                                $<obj>0->tunnel.src = $3;
                                datatype_set($3, &ipaddr_type);
                        }
                        |       IP      DADDR   symbol_expr     close_scope_ip
                        {
+                               if (already_set($<obj>0->tunnel.dst, &@3, state)) {
+                                       expr_free($3);
+                                       YYERROR;
+                               }
                                $<obj>0->tunnel.dst = $3;
                                datatype_set($3, &ipaddr_type);
                        }
                        |       IP6     SADDR   symbol_expr     close_scope_ip6
                        {
+                               if (already_set($<obj>0->tunnel.src, &@3, state)) {
+                                       expr_free($3);
+                                       YYERROR;
+                               }
                                $<obj>0->tunnel.src = $3;
                                datatype_set($3, &ip6addr_type);
                        }
                        |       IP6     DADDR   symbol_expr     close_scope_ip6
                        {
+                               if (already_set($<obj>0->tunnel.dst, &@3, state)) {
+                                       expr_free($3);
+                                       YYERROR;
+                               }
                                $<obj>0->tunnel.dst = $3;
                                datatype_set($3, &ip6addr_type);
                        }

diff --git a/tests/shell/testcases/bogons/nft-f/tunnel_with_anon_set_assert b/tests/shell/testcases/bogons/nft-f/tunnel_with_anon_set_assert
index 6f7b212aefefaacc65985c07c2177c11ab009dea..d025689443010f178d69700f527865e8b13367e7 100644 (file)
--- a/tests/shell/testcases/bogons/nft-f/tunnel_with_anon_set_assert
+++ b/tests/shell/testcases/bogons/nft-f/tunnel_with_anon_set_assert
@@ -3,6 +3,7 @@ define s = { 1.2.3.4, 5.6.7.8 }
 table netdev x {
        tunnel t {
                ip saddr $s
+               ip saddr $s
        }
        }