netlink_delinearize: prune implicit binop before payload_match_postprocess()

payload_match_postprocess() expects a relational with payload of his lhs
and value on the rhs.

Moreover, payload_match_expand() releases the previous expression so
valgrind reports an use-after-free when pruning the implicit binop.

Fix this by calling payload_match_postprocess() in first place.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 7d94f309a540976d7efb8b5b86ee5a1db9874887..ae6abb072979dbe0deba7a186c9c1de061508851 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1229,13 +1229,12 @@ static void binop_postprocess(struct rule_pp_ctx *ctx, struct expr *expr)
                        value->len = payload->len;
                }
 
-               payload_match_postprocess(ctx, expr, payload);
-
                assert(expr->left->ops->type == EXPR_BINOP);
-
                assert(binop->left == payload);
                expr->left = expr_get(payload);
                expr_free(binop);
+
+               payload_match_postprocess(ctx, expr, payload);
        }
 }