parser_bison: fix ct scope underflow if ct helper section is duplicated

table inet filter { ct helper sip-5060u { type "sip" protocol udp l3proto ip }5060t { type "sip" protocol tcp l3pownerip } Will close the 'ct' scope twice, it has to be closed AFTER the separator has been parsed. While not strictly needed, also error out if the protocol is already given, this provides a better error description. Also make sure we release the string in all error branches. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2023-12-12 10:22:58 +0100
committer: Florian Westphal <fw@strlen.de> 2023-12-12 16:33:48 +0100
commit: 037d58a27d675802286aafb23e409b8c1d3eef56 (patch)
tree: 8212aabbc7258e5647a96caf82b0b7984c3d22fa /tests
parent: d5a06af393eaf47571c884a265d1f6e6ba34ed97 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/shell/testcases/bogons/nft-f/ct_helper_yystate_underflow b/tests/shell/testcases/bogons/nft-f/ct_helper_yystate_underflow
new file mode 100644
index 00000000..18eb25eb
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/ct_helper_yystate_underflow
@@ -0,0 +1,14 @@
+table inet filter {
+	ct helper sip-5060u {
+		type "sip" protocol udp
+		l3proto ip
+	}5060t {
+		type "sip" protocol tcp
+		l3pownerip
+	}
+
+	chain input {
+		type filtol/dev/stdinok input priority f)lser; policy accept;
+		ct helper set ip protocol . th dport map { udp . 1-20000 : "si60u", tcp . 10000-20000 : "sip-5060t" }
+	}
+}
author	Florian Westphal <fw@strlen.de>	2023-12-12 10:22:58 +0100
committer	Florian Westphal <fw@strlen.de>	2023-12-12 16:33:48 +0100
commit	037d58a27d675802286aafb23e409b8c1d3eef56 (patch)
tree	8212aabbc7258e5647a96caf82b0b7984c3d22fa /tests
parent	d5a06af393eaf47571c884a265d1f6e6ba34ed97 (diff)