parser_bison: ensure all timeout policy names are released

commit 86a496928420046e9d32317f09db050e8351b10e upstream.

We need to add a custom destructor for this structure, it
contains the dynamically allocated names.

a:5:55-55: Error: syntax error, unexpected '}', expecting string
policy = { estabQisheestablished : 2m3s, cd : 2m3s, }

==562373==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 160 byte(s) in 2 object(s) allocated from:
    #1 0x5a565b in xmalloc src/utils.c:31:8
    #2 0x5a565b in xzalloc src/utils.c:70:8
    #3 0x3d9352 in nft_parse_bison_filename src/libnftables.c:520:8
[..]

Fixes: c7c94802679c ("src: add ct timeout support")
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 526285dace0fb2f0903312284cd646fda837409d..30a4c1ed5b2f8c3a9a89e0f5ef58ad95e0efacbd 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -172,6 +172,24 @@ static struct expr *ifname_expr_alloc(const struct location *location,
        return expr;
 }
 
+static void timeout_state_free(struct timeout_state *s)
+{
+       xfree(s->timeout_str);
+       free(s);
+}
+
+static void timeout_states_free(struct list_head *list)
+{
+       struct timeout_state *ts, *next;
+
+       list_for_each_entry_safe(ts, next, list, head) {
+               list_del(&ts->head);
+               timeout_state_free(ts);
+       }
+
+       free(list);
+}
+
 #define YYLLOC_DEFAULT(Current, Rhs, N)        location_update(&Current, Rhs, N)
 
 #define symbol_value(loc, str) \
@@ -229,6 +247,7 @@ int nft_lex(void *, void *, void *);
                uint16_t kind; /* must allow > 255 for SACK1, 2.. hack */
                uint8_t field;
        } tcp_kind_field;
+       struct timeout_state    *timeout_state;
 }
 
 %token TOKEN_EOF 0             "end of file"
@@ -950,8 +969,11 @@ int nft_lex(void *, void *, void *);
 
 %type <val>                    ct_l4protoname ct_obj_type ct_cmd_type ct_obj_type_map
 
-%type <list>                   timeout_states timeout_state
-%destructor { xfree($$); }     timeout_states timeout_state
+%type <timeout_state>          timeout_state
+%destructor { timeout_state_free($$); }                timeout_state
+
+%type <list>                   timeout_states
+%destructor { timeout_states_free($$); }       timeout_states
 
 %type <val>                    xfrm_state_key  xfrm_state_proto_key xfrm_dir   xfrm_spnum
 %type <expr>                   xfrm_expr
@@ -4717,11 +4739,11 @@ timeout_states          :       timeout_state
                        {
                                $$ = xmalloc(sizeof(*$$));
                                init_list_head($$);
-                               list_add_tail($1, $$);
+                               list_add_tail(&$1->head, $$);
                        }
                        |       timeout_states  COMMA   timeout_state
                        {
-                               list_add_tail($3, $1);
+                               list_add_tail(&$3->head, $1);
                                $$ = $1;
                        }
                        ;
@@ -4735,7 +4757,7 @@ timeout_state             :       STRING  COLON   time_spec_or_num_s
                                ts->timeout_value = $3;
                                ts->location = @1;
                                init_list_head(&ts->head);
-                               $$ = &ts->head;
+                               $$ = ts;
                        }
                        ;
 

diff --git a/tests/shell/testcases/bogons/nft-f/ct_timeout_memleak b/tests/shell/testcases/bogons/nft-f/ct_timeout_memleak
new file mode 100644 (file)
index 0000000..014525a
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/ct_timeout_memleak
@@ -0,0 +1,7 @@
+table ip filter {
+        ct timeout cttime {
+                protocol tcp
+                l3proto ip
+                policy = { estabQisheestablished : 2m3s, cd : 2m3s, }
+        }
+}