Missing expr_free() from the error path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/parser_bison.y | 1 + 1 file changed, 1 insertion(+) diff --git a/src/parser_bison.y b/src/parser_bison.y index f0cca64136ee..167c315810ed 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -862,6 +862,7 @@ common_block : INCLUDE QUOTED_STRING stmt_separator if (symbol_lookup(scope, $2) != NULL) { erec_queue(error(&@2, "redefinition of symbol '%s'", $2), state->msgs); + expr_free($4); xfree($2); YYERROR; } -- 2.20.1
Release the clone expression from the exit path. Fixes: 5173151863d3 ("evaluate: replace variable expression by the value expression") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/evaluate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/evaluate.c b/src/evaluate.c index e529a7f08e14..536325e83537 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2017,8 +2017,10 @@ static int expr_evaluate_variable(struct eval_ctx *ctx, struct expr **exprp) { struct expr *new = expr_clone((*exprp)->sym->expr); - if (expr_evaluate(ctx, &new) < 0) + if (expr_evaluate(ctx, &new) < 0) { + expr_free(new); return -1; + } expr_free(*exprp); *exprp = new; -- 2.20.1
Release priority expression right before assigning the constant expression that results from the evaluation. Fixes: 627c451b2351 ("src: allow variables in the chain priority specification") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/evaluate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/evaluate.c b/src/evaluate.c index 536325e83537..7f93621827e6 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3707,7 +3707,6 @@ static bool evaluate_priority(struct eval_ctx *ctx, struct prio_spec *prio, mpz_export_data(prio_str, prio->expr->value, BYTEORDER_HOST_ENDIAN, NFT_NAME_MAXLEN); loc = prio->expr->location; - expr_free(prio->expr); if (sscanf(prio_str, "%s %c %d", prio_fst, &op, &prio_snd) < 3) { priority = std_prio_lookup(prio_str, family, hook); @@ -3724,6 +3723,7 @@ static bool evaluate_priority(struct eval_ctx *ctx, struct prio_spec *prio, else return false; } + expr_free(prio->expr); prio->expr = constant_expr_alloc(&loc, &integer_type, BYTEORDER_HOST_ENDIAN, sizeof(int) * BITS_PER_BYTE, -- 2.20.1
Release the clone expression from the exit path. Fixes: 5173151863d3 ("evaluate: replace variable expression by the value expression") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/evaluate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/evaluate.c b/src/evaluate.c index e529a7f08e14..536325e83537 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2017,8 +2017,10 @@ static int expr_evaluate_variable(struct eval_ctx *ctx, struct expr **exprp) { struct expr *new = expr_clone((*exprp)->sym->expr); - if (expr_evaluate(ctx, &new) < 0) + if (expr_evaluate(ctx, &new) < 0) { + expr_free(new); return -1; + } expr_free(*exprp); *exprp = new; -- 2.20.1