[gupnp/gupnp-1.0] Don't unref the mask



commit 9ddd4d71255b4f78e4637ada7642cd88176145ed
Author: Emilio Pozuelo Monfort <pochu27 gmail com>
Date:   Tue Aug 4 14:31:29 2020 +0200

    Don't unref the mask
    
    With gssdp 1.0, we don't get a ref from get_network_mask(), so by
    freeing it and requesting it again later we can run into a UAF
    and segfault:
    
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==8938==ERROR: AddressSanitizer: SEGV on unknown address 0x00009fff8000 (pc 0x7f85bf7ba1af bp 0x7ffdbfb84440 sp 0x7ffdbfb84400 T0)
    ==8938==The signal is caused by a READ memory access.
        #0 0x7f85bf7ba1ae in gssdp_client_get_address_mask gssdp-1.0.5/libgssdp/gssdp-client.c:946
        #1 0x7f85c01a18b2 in gupnp_context_ip_is_ours gupnp-1.0.5/libgupnp/gupnp-context.c:1578
        #2 0x7f85c01b7958 in add_subscription_callback gupnp-1.0.5/libgupnp/gupnp-service.c:1201

 libgupnp/gupnp-context.c | 1 -
 1 file changed, 1 deletion(-)
---
diff --git a/libgupnp/gupnp-context.c b/libgupnp/gupnp-context.c
index aac917d..1732bf4 100644
--- a/libgupnp/gupnp-context.c
+++ b/libgupnp/gupnp-context.c
@@ -1577,7 +1577,6 @@ gupnp_context_ip_is_ours (GUPnPContext *context, const char *address)
 
         mask = gssdp_client_get_address_mask (GSSDP_CLIENT (context));
         retval = g_inet_address_mask_matches (mask, addr);
-        g_object_unref (mask);
 
 out:
         g_object_unref (addr);
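
Review bot: Nothing at the `mask = gssdp_client_get_address_mask (GSSDP_CLIENT (context));` call site records that the returned mask is borrowed rather than owned, and that ownership assumption is exactly what the commit message identifies as the cause of the use-after-free. A short comment above that line, stating that with gssdp 1.0 the getter does not hand out a reference and the caller must not unref it, would keep a later cleanup from reintroducing `g_object_unref (mask);`. The commit message also names get_network_mask() while the code calls gssdp_client_get_address_mask(); using the same name in both places would make the fix easier to trace.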

