iptables: free xtables_match if found in need_protomatch

Fix Coverity Scan ID 1529284 by freeing the xtables_match from
xtables_find_match if found.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

diff --git a/iptables.c b/iptables.c
index 49b34394dfec4df361ec1cf6778cade831454c7c..83308ec240bdc0e189db246ea1f7c81a56bec8e3 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -709,12 +709,16 @@ init_match(struct fw3_ipt_rule *r, struct xtables_match *m, bool no_clone)
 static bool
 need_protomatch(struct fw3_ipt_rule *r, const char *pname)
 {
+       struct xtables_match *match;
+
        if (!pname)
                return false;
 
-       if (!xtables_find_match(pname, XTF_DONT_LOAD, NULL))
+       match = xtables_find_match(pname, XTF_DONT_LOAD, NULL);
+       if (!match)
                return true;
 
+       free(match);
        return !r->protocol_loaded;
 }