diff options
author | Florian Westphal <fw@strlen.de> | 2023-12-08 13:37:27 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-12-12 13:30:09 +0100 |
commit | 8504b6ef406efffcd0c5caff41c42df4b42a8dd1 (patch) | |
tree | dad78a829786a71089f213eba72809d910beff08 | |
parent | 0004363b354ffec9c6857d18654036abda77e4d0 (diff) |
parser_bison: fix memleak in meta set error handling
commit 21608263cc1ae489326e743957bfe34b05414a44 upstream.
We must release the expression here, found via afl++ and
-fsanitize-address build.
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | src/parser_bison.y | 1 | ||||
-rw-r--r-- | tests/shell/testcases/bogons/nft-f/memleak_on_meta_set_errpath | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 0922ccf1..8f5ab29a 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -5142,6 +5142,7 @@ meta_stmt : META meta_key SET stmt_expr close_scope_meta xfree($2); if (erec != NULL) { erec_queue(erec, state->msgs); + expr_free($4); YYERROR; } diff --git a/tests/shell/testcases/bogons/nft-f/memleak_on_meta_set_errpath b/tests/shell/testcases/bogons/nft-f/memleak_on_meta_set_errpath new file mode 100644 index 00000000..917e8bf8 --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/memleak_on_meta_set_errpath @@ -0,0 +1,5 @@ +table filter { + chain y { + meta seccark set ct secmark + } +} |