parser_json: Fix for memleak in tcp option error path
authorPhil Sutter <phil@nwl.cc>
Fri, 11 Jun 2021 14:07:02 +0000 (16:07 +0200)
committerPhil Sutter <phil@nwl.cc>
Mon, 14 Jun 2021 11:31:07 +0000 (13:31 +0200)
If 'kind' value is invalid, the function returned without freeing 'expr'
first. Fix this by performing the check before allocation.

Fixes: cb21869649208 ("json: tcp: add raw tcp option match support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
src/parser_json.c

index e6a0233ab6ce347acab7e895865a3a67a74392e9..bb0e4169b477d296f82dc2f2fc433b74d334a2d2 100644 (file)
@@ -603,12 +603,12 @@ static struct expr *json_parse_tcp_option_expr(struct json_ctx *ctx,
                        "base", &kind, "offset", &offset, "len", &len)) {
                uint32_t flag = 0;
 
-               expr = tcpopt_expr_alloc(int_loc, kind,
-                                        TCPOPT_COMMON_KIND);
-
                if (kind < 0 || kind > 255)
                        return NULL;
 
+               expr = tcpopt_expr_alloc(int_loc, kind,
+                                        TCPOPT_COMMON_KIND);
+
                if (offset == TCPOPT_COMMON_KIND && len == 8)
                        flag = NFT_EXTHDR_F_PRESENT;
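Review bot: Only `kind` is range-checked at the relocated guard; `offset` and `len` come from the same JSON object and reach the `offset == TCPOPT_COMMON_KIND && len == 8` test, and presumably the code after the hunk, with no bound applied. If they are signed ints like `kind` and are later stored as unsigned sizes, a negative value in the input would wrap. The guard could be widened to `if (kind < 0 || kind > 255 || offset < 0 || len < 0) return NULL;`, plus whatever upper limits the TCP option layout implies. The early return also gives the user no diagnostic, so reporting which field was rejected through the parser's error path on `ctx` would help. The enclosing `if` block starts above the hunk and continues below it, so how `offset` and `len` are consumed needs confirming there.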