evaluate: memleak in binary operation transfer to RHS

Remove useless reference count grabbing on constant expression that
results in a memleak.

Direct leak of 136 byte(s) in 1 object(s) allocated from:
    #0 0x7f4cd54af330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
    #1 0x7f4cd4d9e489 in xmalloc /home/.../devel/nftables/src/utils.c:36
    #2 0x7f4cd4d9e648 in xzalloc /home/.../devel/nftables/src/utils.c:75
    #3 0x7f4cd4caf8c6 in expr_alloc /home/.../devel/nftables/src/expression.c:45
    #4 0x7f4cd4cb36e9 in constant_expr_alloc /home/.../devel/nftables/src/expression.c:419
    #5 0x7f4cd4ca714c in integer_type_parse /home/.../devel/nftables/src/datatype.c:397
    #6 0x7f4cd4ca4bee in symbolic_constant_parse /home/.../devel/nftables/src/datatype.c:165
    #7 0x7f4cd4ca4572 in symbol_parse /home/.../devel/nftables/src/datatype.c:135
    #8 0x7f4cd4cc333f in expr_evaluate_symbol /home/.../devel/nftables/src/evaluate.c:251
[...]
Indirect leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x7f4cd54af330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
    #1 0x7f4cd4d9e489 in xmalloc /home/.../devel/nftables/src/utils.c:36
    #2 0x7f4cd46185c5 in __gmpz_init2 (/usr/lib/x86_64-linux-gnu/libgmp.so.10+0x1c5c5)

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 77fb24594735d1d6ff5f7d65166363280a5c3424..35ef8a37617083011358c6d6caea1121f8aa8a0f 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1770,8 +1770,6 @@ static int binop_transfer_one(struct eval_ctx *ctx,
                return 0;
        }
 
-       expr_get(*right);
-
        switch (left->op) {
        case OP_LSHIFT:
                (*right) = binop_expr_alloc(&(*right)->location, OP_RSHIFT,