* [PATCH nftables] parser_bison: fail when specifying multiple comments
@ 2020-09-10 16:40 Jose M. Guisado Gomez
2020-09-21 23:17 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Jose M. Guisado Gomez @ 2020-09-10 16:40 UTC (permalink / raw)
To: netfilter-devel, pablo
Before this patch grammar supported specifying multiple comments, and
only the last value would be assigned.
This patch adds a function to test if an attribute is already assigned
and, if so, calls erec_queue with this attribute location.
Use this function in order to check for duplication (or more) of comments
for actions that support it.
> nft add table inet filter { flags "dormant"\; comment "test"\; comment "another"\;}
Error: You can only specify this once. This statement is duplicated.
add table inet filter { flags dormant; comment test; comment another;}
^^^^^^^^^^^^^^^^
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
---
src/parser_bison.y | 64 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 7242c4c3..c7ea520c 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -121,6 +121,18 @@ static struct expr *handle_concat_expr(const struct location *loc,
return expr;
}
+static bool already_set(const void *attr, const struct location *loc,
+ struct parser_state *state)
+{
+ if (attr != NULL) {
+ erec_queue(error(loc, "You can only specify this once. This statement is duplicated."),
+ state->msgs);
+ return true;
+ }
+
+ return false;
+}
+
#define YYLLOC_DEFAULT(Current, Rhs, N) location_update(&Current, Rhs, N)
#define symbol_value(loc, str) \
@@ -1556,6 +1568,10 @@ table_options : FLAGS STRING
}
| comment_spec
{
+ if (already_set($<table>0->comment, &@$, state)) {
+ xfree($1);
+ YYERROR;
+ }
$<table>0->comment = $1;
}
;
@@ -1795,6 +1811,10 @@ set_block : /* empty */ { $$ = $<set>-1; }
| set_block set_mechanism stmt_separator
| set_block comment_spec stmt_separator
{
+ if (already_set($1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$1->comment = $2;
$$ = $1;
}
@@ -1923,6 +1943,10 @@ map_block : /* empty */ { $$ = $<set>-1; }
}
| map_block comment_spec stmt_separator
{
+ if (already_set($1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$1->comment = $2;
$$ = $1;
}
@@ -2061,6 +2085,10 @@ counter_block : /* empty */ { $$ = $<obj>-1; }
}
| counter_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2074,6 +2102,10 @@ quota_block : /* empty */ { $$ = $<obj>-1; }
}
| quota_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2087,6 +2119,10 @@ ct_helper_block : /* empty */ { $$ = $<obj>-1; }
}
| ct_helper_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2104,6 +2140,10 @@ ct_timeout_block : /*empty */
}
| ct_timeout_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2117,6 +2157,10 @@ ct_expect_block : /*empty */ { $$ = $<obj>-1; }
}
| ct_expect_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2130,6 +2174,10 @@ limit_block : /* empty */ { $$ = $<obj>-1; }
}
| limit_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2143,6 +2191,10 @@ secmark_block : /* empty */ { $$ = $<obj>-1; }
}
| secmark_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -2156,6 +2208,10 @@ synproxy_block : /* empty */ { $$ = $<obj>-1; }
}
| synproxy_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
@@ -4000,6 +4056,10 @@ set_elem_option : TIMEOUT time_spec
}
| comment_spec
{
+ if (already_set($<expr>0->comment, &@1, state)) {
+ xfree($1);
+ YYERROR;
+ }
$<expr>0->comment = $1;
}
;
@@ -4034,6 +4094,10 @@ set_elem_expr_option : TIMEOUT time_spec
}
| comment_spec
{
+ if (already_set($<expr>0->comment, &@1, state)) {
+ xfree($1);
+ YYERROR;
+ }
$<expr>0->comment = $1;
}
;
--
2.27.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH nftables] parser_bison: fail when specifying multiple comments
2020-09-10 16:40 [PATCH nftables] parser_bison: fail when specifying multiple comments Jose M. Guisado Gomez
@ 2020-09-21 23:17 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2020-09-21 23:17 UTC (permalink / raw)
To: Jose M. Guisado Gomez; +Cc: netfilter-devel
On Thu, Sep 10, 2020 at 06:40:20PM +0200, Jose M. Guisado Gomez wrote:
> Before this patch grammar supported specifying multiple comments, and
> only the last value would be assigned.
>
> This patch adds a function to test if an attribute is already assigned
> and, if so, calls erec_queue with this attribute location.
>
> Use this function in order to check for duplication (or more) of comments
> for actions that support it.
>
> > nft add table inet filter { flags "dormant"\; comment "test"\; comment "another"\;}
>
> Error: You can only specify this once. This statement is duplicated.
> add table inet filter { flags dormant; comment test; comment another;}
> ^^^^^^^^^^^^^^^^
Applied, thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-09-21 23:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-09-10 16:40 [PATCH nftables] parser_bison: fail when specifying multiple comments Jose M. Guisado Gomez
2020-09-21 23:17 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).