|
 |
fcec7e |
From a5edeb0b5fe0b6ac819bff1f29a2baf472cef755 Mon Sep 17 00:00:00 2001
|
|
|
fcec7e |
From: Ash Hughes <sehguh.hsa@gmail.com>
|
|
|
fcec7e |
Date: Thu, 30 May 2019 21:49:56 +0100
|
|
|
fcec7e |
Subject: [PATCH] conntrackd: Use strdup in lexer
|
|
|
fcec7e |
|
|
|
fcec7e |
Use strdup in the config file lexer to copy strings to yylval.string. This
|
|
|
fcec7e |
should solve the "[ERROR] unknown layer 3 protocol" problem here:
|
|
|
fcec7e |
https://www.spinics.net/lists/netfilter/msg58628.html.
|
|
|
fcec7e |
|
|
|
fcec7e |
Signed-off-by: Ash Hughes <sehguh.hsa@gmail.com>
|
|
|
fcec7e |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
fcec7e |
(cherry picked from commit c12fa8df76752b0a011430f069677b52e4dad164)
|
|
|
fcec7e |
---
|
|
|
fcec7e |
src/read_config_lex.l | 8 +++---
|
|
|
fcec7e |
src/read_config_yy.y | 62 +++++++++++++++++++++++++++++++++++++++++++
|
|
|
fcec7e |
2 files changed, 66 insertions(+), 4 deletions(-)
|
|
|
fcec7e |
|
|
|
fcec7e |
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
|
|
|
fcec7e |
index 120bc009295a8..b0d9e61e0e4b9 100644
|
|
|
fcec7e |
--- a/src/read_config_lex.l
|
|
|
fcec7e |
+++ b/src/read_config_lex.l
|
|
|
fcec7e |
@@ -142,9 +142,9 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
|
|
|
fcec7e |
{is_off} { return T_OFF; }
|
|
|
fcec7e |
{integer} { yylval.val = atoi(yytext); return T_NUMBER; }
|
|
|
fcec7e |
{signed_integer} { yylval.val = atoi(yytext); return T_SIGNED_NUMBER; }
|
|
|
fcec7e |
-{ip4} { yylval.string = yytext; return T_IP; }
|
|
|
fcec7e |
-{ip6} { yylval.string = yytext; return T_IP; }
|
|
|
fcec7e |
-{path} { yylval.string = yytext; return T_PATH_VAL; }
|
|
|
fcec7e |
+{ip4} { yylval.string = strdup(yytext); return T_IP; }
|
|
|
fcec7e |
+{ip6} { yylval.string = strdup(yytext); return T_IP; }
|
|
|
fcec7e |
+{path} { yylval.string = strdup(yytext); return T_PATH_VAL; }
|
|
|
fcec7e |
{alarm} { return T_ALARM; }
|
|
|
fcec7e |
{persistent} { dlog(LOG_WARNING, "Now `persistent' mode "
|
|
|
fcec7e |
"is called `alarm'. Please, update "
|
|
|
fcec7e |
@@ -156,7 +156,7 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
|
|
|
fcec7e |
"your conntrackd.conf file.\n");
|
|
|
fcec7e |
return T_FTFW; }
|
|
|
fcec7e |
{notrack} { return T_NOTRACK; }
|
|
|
fcec7e |
-{string} { yylval.string = yytext; return T_STRING; }
|
|
|
fcec7e |
+{string} { yylval.string = strdup(yytext); return T_STRING; }
|
|
|
fcec7e |
|
|
|
fcec7e |
{comment} ;
|
|
|
fcec7e |
{ws} ;
|
|
|
fcec7e |
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
|
|
|
fcec7e |
index 1d510ed20ec8f..ceba6fc0d2426 100644
|
|
|
fcec7e |
--- a/src/read_config_yy.y
|
|
|
fcec7e |
+++ b/src/read_config_yy.y
|
|
|
fcec7e |
@@ -117,6 +117,7 @@ logfile_bool : T_LOG T_OFF
|
|
|
fcec7e |
logfile_path : T_LOG T_PATH_VAL
|
|
|
fcec7e |
{
|
|
|
fcec7e |
strncpy(conf.logfile, $2, FILENAME_MAXLEN);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
syslog_bool : T_SYSLOG T_ON
|
|
|
fcec7e |
@@ -152,8 +153,10 @@ syslog_facility : T_SYSLOG T_STRING
|
|
|
fcec7e |
else {
|
|
|
fcec7e |
dlog(LOG_WARNING, "'%s' is not a known syslog facility, "
|
|
|
fcec7e |
"ignoring", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
|
|
|
fcec7e |
if (conf.stats.syslog_facility != -1 &&
|
|
|
fcec7e |
conf.syslog_facility != conf.stats.syslog_facility)
|
|
|
fcec7e |
@@ -164,6 +167,7 @@ syslog_facility : T_SYSLOG T_STRING
|
|
|
fcec7e |
lock : T_LOCK T_PATH_VAL
|
|
|
fcec7e |
{
|
|
|
fcec7e |
strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
refreshtime : T_REFRESH T_NUMBER
|
|
|
fcec7e |
@@ -225,6 +229,7 @@ multicast_option : T_IPV4_ADDR T_IP
|
|
|
fcec7e |
|
|
|
fcec7e |
if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.in)) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -235,6 +240,7 @@ multicast_option : T_IPV4_ADDR T_IP
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET;
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -247,6 +253,7 @@ multicast_option : T_IPV6_ADDR T_IP
|
|
|
fcec7e |
&conf.channel[conf.channel_num].u.mcast.in);
|
|
|
fcec7e |
if (err == 0) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
} else if (err < 0) {
|
|
|
fcec7e |
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
|
|
|
fcec7e |
@@ -257,6 +264,7 @@ multicast_option : T_IPV6_ADDR T_IP
|
|
|
fcec7e |
dlog(LOG_WARNING, "your multicast address is IPv6 but "
|
|
|
fcec7e |
"is binded to an IPv4 interface? "
|
|
|
fcec7e |
"Surely this is not what you want");
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -269,12 +277,14 @@ multicast_option : T_IPV6_ADDR T_IP
|
|
|
fcec7e |
idx = if_nametoindex($2);
|
|
|
fcec7e |
if (!idx) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is an invalid interface", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx;
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
multicast_option : T_IPV4_IFACE T_IP
|
|
|
fcec7e |
@@ -283,8 +293,10 @@ multicast_option : T_IPV4_IFACE T_IP
|
|
|
fcec7e |
|
|
|
fcec7e |
if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.ifa)) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
|
|
|
fcec7e |
if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "your multicast interface is IPv4 but "
|
|
|
fcec7e |
@@ -299,6 +311,7 @@ multicast_option : T_IPV4_IFACE T_IP
|
|
|
fcec7e |
multicast_option : T_IPV6_IFACE T_IP
|
|
|
fcec7e |
{
|
|
|
fcec7e |
dlog(LOG_WARNING, "`IPv6_interface' not required, ignoring");
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
multicast_option : T_IFACE T_STRING
|
|
|
fcec7e |
@@ -312,6 +325,7 @@ multicast_option : T_IFACE T_STRING
|
|
|
fcec7e |
idx = if_nametoindex($2);
|
|
|
fcec7e |
if (!idx) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is an invalid interface", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -319,6 +333,8 @@ multicast_option : T_IFACE T_STRING
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx;
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
multicast_option : T_GROUP T_NUMBER
|
|
|
fcec7e |
@@ -390,8 +406,10 @@ udp_option : T_IPV4_ADDR T_IP
|
|
|
fcec7e |
|
|
|
fcec7e |
if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server.ipv4)) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -404,12 +422,14 @@ udp_option : T_IPV6_ADDR T_IP
|
|
|
fcec7e |
&conf.channel[conf.channel_num].u.udp.server.ipv6);
|
|
|
fcec7e |
if (err == 0) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
} else if (err < 0) {
|
|
|
fcec7e |
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -419,8 +439,10 @@ udp_option : T_IPV4_DEST_ADDR T_IP
|
|
|
fcec7e |
|
|
|
fcec7e |
if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.client)) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -433,12 +455,14 @@ udp_option : T_IPV6_DEST_ADDR T_IP
|
|
|
fcec7e |
&conf.channel[conf.channel_num].u.udp.client);
|
|
|
fcec7e |
if (err == 0) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
} else {
|
|
|
fcec7e |
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -452,9 +476,12 @@ udp_option : T_IFACE T_STRING
|
|
|
fcec7e |
idx = if_nametoindex($2);
|
|
|
fcec7e |
if (!idx) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is an invalid interface", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.udp.server.ipv6.scope_id = idx;
|
|
|
fcec7e |
+
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
udp_option : T_PORT T_NUMBER
|
|
|
fcec7e |
@@ -530,8 +557,10 @@ tcp_option : T_IPV4_ADDR T_IP
|
|
|
fcec7e |
|
|
|
fcec7e |
if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.server.ipv4)) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET;
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -544,12 +573,14 @@ tcp_option : T_IPV6_ADDR T_IP
|
|
|
fcec7e |
&conf.channel[conf.channel_num].u.tcp.server.ipv6);
|
|
|
fcec7e |
if (err == 0) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
} else if (err < 0) {
|
|
|
fcec7e |
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -559,8 +590,10 @@ tcp_option : T_IPV4_DEST_ADDR T_IP
|
|
|
fcec7e |
|
|
|
fcec7e |
if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.client)) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET;
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -573,12 +606,14 @@ tcp_option : T_IPV6_DEST_ADDR T_IP
|
|
|
fcec7e |
&conf.channel[conf.channel_num].u.tcp.client);
|
|
|
fcec7e |
if (err == 0) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
} else if (err < 0) {
|
|
|
fcec7e |
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -592,9 +627,12 @@ tcp_option : T_IFACE T_STRING
|
|
|
fcec7e |
idx = if_nametoindex($2);
|
|
|
fcec7e |
if (!idx) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is an invalid interface", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
conf.channel[conf.channel_num].u.tcp.server.ipv6.scope_id = idx;
|
|
|
fcec7e |
+
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
tcp_option : T_PORT T_NUMBER
|
|
|
fcec7e |
@@ -652,6 +690,7 @@ unix_options:
|
|
|
fcec7e |
unix_option : T_PATH T_PATH_VAL
|
|
|
fcec7e |
{
|
|
|
fcec7e |
strncpy(conf.local.path, $2, PATH_MAX);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
unix_option : T_BACKLOG T_NUMBER
|
|
|
fcec7e |
@@ -739,6 +778,7 @@ expect_list:
|
|
|
fcec7e |
expect_item: T_STRING
|
|
|
fcec7e |
{
|
|
|
fcec7e |
exp_filter_add(STATE(exp_filter), $1);
|
|
|
fcec7e |
+ free($1);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
sync_mode_alarm: T_SYNC_MODE T_ALARM '{' sync_mode_alarm_list '}'
|
|
|
fcec7e |
@@ -986,8 +1026,11 @@ scheduler_line : T_TYPE T_STRING
|
|
|
fcec7e |
conf.sched.type = SCHED_FIFO;
|
|
|
fcec7e |
} else {
|
|
|
fcec7e |
dlog(LOG_ERR, "unknown scheduler `%s'", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
scheduler_line : T_PRIO T_NUMBER
|
|
|
fcec7e |
@@ -1065,8 +1108,10 @@ filter_protocol_item : T_STRING
|
|
|
fcec7e |
if (pent == NULL) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "getprotobyname() cannot find "
|
|
|
fcec7e |
"protocol `%s' in /etc/protocols", $1);
|
|
|
fcec7e |
+ free($1);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($1);
|
|
|
fcec7e |
ct_filter_add_proto(STATE(us_filter), pent->p_proto);
|
|
|
fcec7e |
|
|
|
fcec7e |
__kernel_filter_start();
|
|
|
fcec7e |
@@ -1163,12 +1208,14 @@ filter_address_item : T_IPV4_ADDR T_IP
|
|
|
fcec7e |
if (cidr > 32) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s/%d is not a valid network, "
|
|
|
fcec7e |
"ignoring", $2, cidr);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
if (!inet_aton($2, &ip.ipv4)) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv4, ignoring", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
@@ -1194,6 +1241,7 @@ filter_address_item : T_IPV4_ADDR T_IP
|
|
|
fcec7e |
"ignore pool!");
|
|
|
fcec7e |
}
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
__kernel_filter_start();
|
|
|
fcec7e |
|
|
|
fcec7e |
/* host byte order */
|
|
|
fcec7e |
@@ -1223,6 +1271,7 @@ filter_address_item : T_IPV6_ADDR T_IP
|
|
|
fcec7e |
if (cidr > 128) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s/%d is not a valid network, "
|
|
|
fcec7e |
"ignoring", $2, cidr);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
}
|
|
|
fcec7e |
@@ -1230,6 +1279,7 @@ filter_address_item : T_IPV6_ADDR T_IP
|
|
|
fcec7e |
err = inet_pton(AF_INET6, $2, &ip.ipv6);
|
|
|
fcec7e |
if (err == 0) {
|
|
|
fcec7e |
dlog(LOG_WARNING, "%s is not a valid IPv6, ignoring", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
} else if (err < 0) {
|
|
|
fcec7e |
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
|
|
|
fcec7e |
@@ -1256,6 +1306,7 @@ filter_address_item : T_IPV6_ADDR T_IP
|
|
|
fcec7e |
"ignore pool!");
|
|
|
fcec7e |
}
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
__kernel_filter_start();
|
|
|
fcec7e |
|
|
|
fcec7e |
/* host byte order */
|
|
|
fcec7e |
@@ -1326,6 +1377,7 @@ stat_logfile_bool : T_LOG T_OFF
|
|
|
fcec7e |
stat_logfile_path : T_LOG T_PATH_VAL
|
|
|
fcec7e |
{
|
|
|
fcec7e |
strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
};
|
|
|
fcec7e |
|
|
|
fcec7e |
stat_syslog_bool : T_SYSLOG T_ON
|
|
|
fcec7e |
@@ -1361,8 +1413,10 @@ stat_syslog_facility : T_SYSLOG T_STRING
|
|
|
fcec7e |
else {
|
|
|
fcec7e |
dlog(LOG_WARNING, "'%s' is not a known syslog facility, "
|
|
|
fcec7e |
"ignoring.", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
|
|
|
fcec7e |
if (conf.syslog_facility != -1 &&
|
|
|
fcec7e |
conf.stats.syslog_facility != conf.syslog_facility)
|
|
|
fcec7e |
@@ -1396,8 +1450,10 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}'
|
|
|
fcec7e |
l3proto = AF_INET6;
|
|
|
fcec7e |
else {
|
|
|
fcec7e |
dlog(LOG_ERR, "unknown layer 3 protocol");
|
|
|
fcec7e |
+ free($3);
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($3);
|
|
|
fcec7e |
|
|
|
fcec7e |
if (strcmp($4, "tcp") == 0)
|
|
|
fcec7e |
l4proto = IPPROTO_TCP;
|
|
|
fcec7e |
@@ -1405,19 +1461,23 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}'
|
|
|
fcec7e |
l4proto = IPPROTO_UDP;
|
|
|
fcec7e |
else {
|
|
|
fcec7e |
dlog(LOG_ERR, "unknown layer 4 protocol");
|
|
|
fcec7e |
+ free($4);
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
+ free($4);
|
|
|
fcec7e |
|
|
|
fcec7e |
#ifdef BUILD_CTHELPER
|
|
|
fcec7e |
helper = helper_find(CONNTRACKD_LIB_DIR, $2, l4proto, RTLD_NOW);
|
|
|
fcec7e |
if (helper == NULL) {
|
|
|
fcec7e |
dlog(LOG_ERR, "Unknown `%s' helper", $2);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
}
|
|
|
fcec7e |
#else
|
|
|
fcec7e |
dlog(LOG_ERR, "Helper support is disabled, recompile conntrackd");
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
#endif
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
|
|
|
fcec7e |
helper_inst = calloc(1, sizeof(struct ctd_helper_instance));
|
|
|
fcec7e |
if (helper_inst == NULL)
|
|
|
fcec7e |
@@ -1520,12 +1580,14 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}'
|
|
|
fcec7e |
if (e == NULL) {
|
|
|
fcec7e |
dlog(LOG_ERR, "Helper policy configuration empty, fix your "
|
|
|
fcec7e |
"configuration file, please");
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
exit(EXIT_FAILURE);
|
|
|
fcec7e |
break;
|
|
|
fcec7e |
}
|
|
|
fcec7e |
|
|
|
fcec7e |
policy = (struct ctd_helper_policy *) &e->data;
|
|
|
fcec7e |
strncpy(policy->name, $2, CTD_HELPER_NAME_LEN);
|
|
|
fcec7e |
+ free($2);
|
|
|
fcec7e |
policy->name[CTD_HELPER_NAME_LEN-1] = '\0';
|
|
|
fcec7e |
/* Now object is complete. */
|
|
|
fcec7e |
e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT;
|
|
|
fcec7e |
--
|
|
|
fcec7e |
2.34.1
|
|
|
fcec7e |
|