From bd14bba9c62a86e28b3423c9056e6549581df323 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 1 Feb 2016 12:40:40 +0100
Subject: netlink_delinearize: prune implicit binop before
 payload_match_postprocess()

payload_match_postprocess() expects a relational with payload of his lhs
and value on the rhs.

Moreover, payload_match_expand() releases the previous expression so
valgrind reports an use-after-free when pruning the implicit binop.

Fix this by calling payload_match_postprocess() in first place.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_delinearize.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src/netlink_delinearize.c')

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 7d94f309..ae6abb07 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1229,13 +1229,12 @@ static void binop_postprocess(struct rule_pp_ctx *ctx, struct expr *expr)
 			value->len = payload->len;
 		}
 
-		payload_match_postprocess(ctx, expr, payload);
-
 		assert(expr->left->ops->type == EXPR_BINOP);
-
 		assert(binop->left == payload);
 		expr->left = expr_get(payload);
 		expr_free(binop);
+
+		payload_match_postprocess(ctx, expr, payload);
 	}
 }
 
-- 
cgit v1.2.3