netlink: Fix leak in unterminated string deserializer

Allocated 'mask' expression is not freed before returning to caller,
although it is used temporarily only.

Fixes: b851ba4731d9f ("src: add interface wildcard matching")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 154353b8161a0be59c4615a7feb03accc7a29a51..06a0312b9921a13f085ce430cccd6be68eac425a 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2030,7 +2030,7 @@ static bool __expr_postprocess_string(struct expr **exprp)
 
 static struct expr *expr_postprocess_string(struct expr *expr)
 {
-       struct expr *mask;
+       struct expr *mask, *out;
 
        assert(expr_basetype(expr)->type == TYPE_STRING);
        if (__expr_postprocess_string(&expr))
@@ -2040,7 +2040,9 @@ static struct expr *expr_postprocess_string(struct expr *expr)
                                   BYTEORDER_HOST_ENDIAN,
                                   expr->len + BITS_PER_BYTE, NULL);
        mpz_init_bitmask(mask->value, expr->len);
-       return string_wildcard_expr_alloc(&expr->location, mask, expr);
+       out = string_wildcard_expr_alloc(&expr->location, mask, expr);
+       expr_free(mask);
+       return out;
 }
 
 static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp)