netlink_delinearize: release expressions in context registers

netlink_release_registers() needs to go a bit further to release the
expressions in the register array. This should be safe since
netlink_get_register() clones expressions in the context registers.

Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 6 insertions, 4 deletions

diff --git a/include/netlink.h b/include/netlink.h
index a20ebbe4..0c08b1ab 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -14,12 +14,14 @@
 
 #include <rule.h>
 
+#define MAX_REGS	(1 + NFT_REG32_15 - NFT_REG32_00)
+
 struct netlink_parse_ctx {
 	struct list_head	*msgs;
 	struct table		*table;
 	struct rule		*rule;
 	struct stmt		*stmt;
-	struct expr		*registers[1 + NFT_REG32_15 - NFT_REG32_00 + 1];
+	struct expr		*registers[MAX_REGS + 1];
 	unsigned int		debug_mask;
 };
 
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index c018e78b..a1c775e6 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -63,7 +63,7 @@ static void netlink_set_register(struct netlink_parse_ctx *ctx,
 				 enum nft_registers reg,
 				 struct expr *expr)
 {
-	if (reg == NFT_REG_VERDICT || reg > 1 + NFT_REG32_15 - NFT_REG32_00) {
+	if (reg == NFT_REG_VERDICT || reg > MAX_REGS) {
 		netlink_error(ctx, &expr->location,
 			      "Invalid destination register %u", reg);
 		expr_free(expr);
@@ -82,7 +82,7 @@ static struct expr *netlink_get_register(struct netlink_parse_ctx *ctx,
 {
 	struct expr *expr;
 
-	if (reg == NFT_REG_VERDICT || reg > 1 + NFT_REG32_15 - NFT_REG32_00) {
+	if (reg == NFT_REG_VERDICT || reg > MAX_REGS) {
 		netlink_error(ctx, loc, "Invalid source register %u", reg);
 		return NULL;
 	}
@@ -98,7 +98,7 @@ static void netlink_release_registers(struct netlink_parse_ctx *ctx)
 {
 	int i;
 
-	for (i = 0; i <= NFT_REG_MAX; i++)
+	for (i = 0; i < MAX_REGS; i++)
 		expr_free(ctx->registers[i]);
 }