parser_json: release buffer returned by json_dumps

The signature of `json_dumps` is:

`char *json_dumps(const json_t *json, size_t flags)`:

It will return a pointer to an owned string, the caller must free it.
However, `json_error` just borrows the string to format it as `%s`, but
after printing the formatted error message, the pointer to the string is
lost and thus never freed.

Fixes: 586ad210368b ("libnftables: Implement JSON parser")
Signed-off-by: Sebastian Walz (sivizius) <sebastian.walz@secunet.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/parser_json.c b/src/parser_json.c
index 4912d3608b2bfea3f3cc9e0bce47d2446cf004bb..fc20fe2969f717df91040624d8c8b24f0f8c9bdb 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -181,8 +181,11 @@ static int json_unpack_stmt(struct json_ctx *ctx, json_t *root,
        assert(value);
 
        if (json_object_size(root) != 1) {
+               const char *dump = json_dumps(root, 0);
+
                json_error(ctx, "Malformed object (too many properties): '%s'.",
-                          json_dumps(root, 0));
+                          dump);
+               free_const(dump);
                return 1;
        }
 
@@ -3378,8 +3381,10 @@ static struct cmd *json_parse_cmd_add_set(struct json_ctx *ctx, json_t *root,
                } else if ((set->data = json_parse_dtype_expr(ctx, tmp))) {
                        set->flags |= NFT_SET_MAP;
                } else {
-                       json_error(ctx, "Invalid map type '%s'.",
-                                  json_dumps(tmp, 0));
+                       const char *dump = json_dumps(tmp, 0);
+
+                       json_error(ctx, "Invalid map type '%s'.", dump);
+                       free_const(dump);
                        set_free(set);
                        handle_free(&h);
                        return NULL;