pull a fix from bgpd:

plug a memory leak in the lexer.
the issue is this code fragement from yylex():
.		token = lookup(buf);
.		yylval.v.string = strdup(buf);
.		if (yylval.v.string == NULL)
.			err(1, "yylex: strdup");
.		return (token);
lookup() tries to match buf against a list of keywords, and returns the
associated token if it has a match, or the token STRING otherwise.
STRING is the only token that needs (and free()s) yylval.v.string. however,
we assigned memory for it with the strdup in yylex for each and every token.
the fix is obviously only setting yylval.v.string when lookup() returns STRING.
Patrick Latifi noticed that something was leaking with token handling,
analysis and fix by me.
ok deraadt@
also err instead of errx after strdup failure

1 files changed, 4 insertions, 5 deletions

diff --git a/usr.sbin/ifstated/parse.y b/usr.sbin/ifstated/parse.y
index 6a833e74a38..15ccb0977ab 100644
--- a/usr.sbin/ifstated/parse.y
+++ b/usr.sbin/ifstated/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.4 2004/02/15 00:56:01 mcbride Exp $	*/
+/*	$OpenBSD: parse.y,v 1.5 2004/03/06 21:47:21 henning Exp $	*/
 
 /*
  * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
@@ -582,10 +582,9 @@ top:
 		} while ((c = lgetc(fin)) != EOF && (allowed_in_string(c)));
 		lungetc(c);
 		*p = '\0';
-		token = lookup(buf);
-		yylval.v.string = strdup(buf);
-		if (yylval.v.string == NULL)
-			errx(1, "yylex: strdup");
+		if ((token = lookup(buf)) == STRING)
+			if ((yylval.v.string = strdup(buf)) == NULL)
+				err(1, "yylex: strdup");
 		return (token);
 	}
 	if (c == '\n') {