From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 1 Feb 2016 11:40:40 +0000 (+0100)
Subject: netlink_delinearize: prune implicit binop before payload_match_postprocess()
X-Git-Tag: v0.6~121
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd14bba9c62a86e28b3423c9056e6549581df323;p=thirdparty%2Fnftables.git

netlink_delinearize: prune implicit binop before payload_match_postprocess()

payload_match_postprocess() expects a relational with payload of his lhs
and value on the rhs.

Moreover, payload_match_expand() releases the previous expression so
valgrind reports an use-after-free when pruning the implicit binop.

Fix this by calling payload_match_postprocess() in first place.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 7d94f309a..ae6abb072 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1229,13 +1229,12 @@ static void binop_postprocess(struct rule_pp_ctx *ctx, struct expr *expr)
 			value->len = payload->len;
 		}
 
-		payload_match_postprocess(ctx, expr, payload);
-
 		assert(expr->left->ops->type == EXPR_BINOP);
-
 		assert(binop->left == payload);
 		expr->left = expr_get(payload);
 		expr_free(binop);
+
+		payload_match_postprocess(ctx, expr, payload);
 	}
 }