When the hook location is invalid we error out but we do leak both
the priority expression and the flowtable name.

Example:
  valgrind --leak-check=full nft -f flowtable-parser-err-memleak
  [..] Error: unknown chain hook
  hook enoent priority filter + 10
       ^^^^^^
  [..]
  2 bytes in 1 blocks are definitely lost in loss record 1 of 3
    at: malloc (vg_replace_malloc.c:446)
    by: strdup (in libc.so.6)
    by: xstrdup (in libnftables.so.1.1.0)
    by: nft_lex (in libnftables.so.1.1.0)
    by: nft_parse (in libnftables.so.1.1.0)
    by: __nft_run_cmd_from_filename (in libnftables.so.1.1.0)
    by: nft_run_cmd_from_filename (in libnftables.so.1.1.0)

First two reports are due to the priority expression: this needs to call
expr_free(). Third report is due to the flowtable name, the destructor was
missing so add one.

After fix:
  All heap blocks were freed -- no leaks are possible

Signed-off-by: Florian Westphal
---
 src/parser_bison.y                                      | 3 ++-
 .../testcases/bogons/nft-f/flowtable-parser-err-memleak | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 tests/shell/testcases/bogons/nft-f/flowtable-parser-err-memleak

diff --git a/src/parser_bison.y b/src/parser_bison.y index 5b84331f220d..aacfa2917917 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -719,7 +719,7 @@ int nft_lex(void *, void *, void *); %destructor { handle_free(&$$); } obj_spec objid_spec obj_or_id_spec %type set_identifier flowtableid_spec flowtable_identifier obj_identifier -%destructor { handle_free(&$$); } set_identifier flowtableid_spec obj_identifier +%destructor { handle_free(&$$); } set_identifier flowtableid_spec flowtable_identifier obj_identifier %type basehook_spec %destructor { handle_free(&$$); } basehook_spec @@ -2427,6 +2427,7 @@ flowtable_block : /* empty */ { $$ = $-1; } erec_queue(error(&@3, "unknown chain hook"), state->msgs); free_const($3); + expr_free($4.expr); YYERROR; } free_const($3); 
diff --git a/tests/shell/testcases/bogons/nft-f/flowtable-parser-err-memleak b/tests/shell/testcases/bogons/nft-f/flowtable-parser-err-memleak new file mode 100644 index 000000000000..ca0480bfc943 --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/flowtable-parser-err-memleak @@ -0,0 +1,5 @@ +table ip t { + flowtable f { + hook enoent priority filter + 10 + } +} -- 2.49.1
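Review bot: in the first parser_bison.y hunk (@@ -719,7), the %destructor line now covers all four symbols named on the %type line just above it, so the two lists are identical and have to be kept in sync by hand. Consider keeping the symbols in the same order on both lines, as the patch already does, and noting in the commit message that flowtable_identifier was the only typed handle symbol left without a destructor, so a reader can tell the omission was an oversight rather than a deliberate ownership choice.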
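Review bot: in the flowtable_block hunk (@@ -2427,6), the added expr_free($4.expr) carries no comment explaining why it must be done by hand. Bison does not run %destructor for the right-hand-side symbols of a rule whose own action calls YYERROR, which is why both free_const($3) and expr_free($4.expr) have to sit before YYERROR here. A one-line comment to that effect would keep a later cleanup from dropping the call as redundant with a destructor. It is also worth checking that any other YYERROR exit in this action releases $4.expr the same way.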
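Review bot: the new bogons input flowtable-parser-err-memleak only shows the defect when nft runs under valgrind or another leak checker, as in the commit message; a plain run prints the same "unknown chain hook" error before and after the fix. Consider stating in the commit message how the test suite is expected to catch a regression. The input also covers only the invalid hook name with a priority expression of the form "filter + 10"; a second case with a plain numeric priority would exercise the same error branch with a different expression type.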