From: "Jose M. Guisado Gomez" <guigom@riseup.net>
To: netfilter-devel@vger.kernel.org, pablo@netfilter.org
Subject: [PATCH nftables] parser_bison: fail when specifying multiple comments
Date: Thu, 10 Sep 2020 18:40:20 +0200 [thread overview]
Message-ID: <20200910164019.86192-1-guigom@riseup.net> (raw)
Before this patch grammar supported specifying multiple comments, and
only the last value would be assigned.
This patch adds a function to test if an attribute is already assigned
and, if so, calls erec_queue with this attribute location.
Use this function in order to check for duplication (or more) of comments
for actions that support it.
> nft add table inet filter { flags "dormant"\; comment "test"\; comment "another"\;}
Error: You can only specify this once. This statement is duplicated.
add table inet filter { flags dormant; comment test; comment another;}
^^^^^^^^^^^^^^^^
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
---
src/parser_bison.y | 64 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 7242c4c3..c7ea520c 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -121,6 +121,18 @@ static struct expr *handle_concat_expr(const struct location *loc,
return expr;
}
+static bool already_set(const void *attr, const struct location *loc,
+ struct parser_state *state)
+{
+ if (attr != NULL) {
+ erec_queue(error(loc, "You can only specify this once. This statement is duplicated."),
+ state->msgs);
+ return true;
+ }
+
+ return false;
+}
+
#define YYLLOC_DEFAULT(Current, Rhs, N) location_update(&Current, Rhs, N)
#define symbol_value(loc, str) \
@@ -1556,6 +1568,10 @@ table_options : FLAGS STRING
}
| comment_spec
{
+ if (already_set($<table>0->comment, &@$, state)) {
+ xfree($1);
+ YYERROR;
+ }
$<table>0->comment = $1;
}
;
@@ -1795,6 +1811,10 @@ set_block : /* empty */ { $$ = $<set>-1; }
| set_block set_mechanism stmt_separator
| set_block comment_spec stmt_separator
{
+ if (already_set($1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$1->comment = $2;
$$ = $1;
}
@@ -1923,6 +1943,10 @@ map_block : /* empty */ { $$ = $<set>-1; }
}
| map_block comment_spec stmt_separator
{
+ if (already_set($1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$1->comment = $2;
$$ = $1;
}
@@ -2061,6 +2085,10 @@ counter_block : /* empty */ { $$ = $<obj>-1; }
}
| counter_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2074,6 +2102,10 @@ quota_block : /* empty */ { $$ = $<obj>-1; }
}
| quota_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2087,6 +2119,10 @@ ct_helper_block : /* empty */ { $$ = $<obj>-1; }
}
| ct_helper_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2104,6 +2140,10 @@ ct_timeout_block : /*empty */
}
| ct_timeout_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2117,6 +2157,10 @@ ct_expect_block : /*empty */ { $$ = $<obj>-1; }
}
| ct_expect_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2130,6 +2174,10 @@ limit_block : /* empty */ { $$ = $<obj>-1; }
}
| limit_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2143,6 +2191,10 @@ secmark_block : /* empty */ { $$ = $<obj>-1; }
}
| secmark_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2156,6 +2208,10 @@ synproxy_block : /* empty */ { $$ = $<obj>-1; }
}
| synproxy_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -4000,6 +4056,10 @@ set_elem_option : TIMEOUT time_spec
}
| comment_spec
{
+ if (already_set($<expr>0->comment, &@1, state)) {
+ xfree($1);
+ YYERROR;
+ }
$<expr>0->comment = $1;
}
;
@@ -4034,6 +4094,10 @@ set_elem_expr_option : TIMEOUT time_spec
}
| comment_spec
{
+ if (already_set($<expr>0->comment, &@1, state)) {
+ xfree($1);
+ YYERROR;
+ }
$<expr>0->comment = $1;
}
;
--
2.27.0
next reply other threads:[~2020-09-10 16:48 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-10 16:40 Jose M. Guisado Gomez [this message]
2020-09-21 23:17 ` [PATCH nftables] parser_bison: fail when specifying multiple comments Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200910164019.86192-1-guigom@riseup.net \
--to=guigom@riseup.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).