evaluate: memleak in invalid default policy definition

Release the clone expression from the exit path.

Fixes: 5173151863d3 ("evaluate: replace variable expression by the value expression")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index a84e9609c1ff6e825ee9168ab24a493e88b16bea..a9822ebc85bbdd80c669e27e8d108d0837d1c931 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2017,8 +2017,10 @@ static int expr_evaluate_variable(struct eval_ctx *ctx, struct expr **exprp)
 {
        struct expr *new = expr_clone((*exprp)->sym->expr);
 
-       if (expr_evaluate(ctx, &new) < 0)
+       if (expr_evaluate(ctx, &new) < 0) {
+               expr_free(new);
                return -1;
+       }
 
        expr_free(*exprp);
        *exprp = new;