From: Zemeteri Kamimizu <zemeterisan@gmail.com>
Date: Thu, 3 Oct 2024 10:05:55 +0000 (+0300)
Subject: detect: add new_de_ctx release in case of errors in initialization
X-Git-Tag: suricata-8.0.0-beta1~821
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=adcac9ee0f8a20b68ca394ce0628063bc5c2ce7c;p=thirdparty%2Fsuricata.git

detect: add new_de_ctx release in case of errors in initialization

Detect engine tenant reloading function hasn't got engine release call
under error label, so it is possible memory leak in case of errors in
further new detect engine initialization.

Bug: #7303
---

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 58b5c9967c..be2f5b462a 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -3931,12 +3931,12 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
     new_de_ctx->tenant_path = SCStrdup(filename);
     if (new_de_ctx->tenant_path == NULL) {
         SCLogError("Failed to duplicate path");
-        goto error;
+        goto new_de_ctx_error;
     }
 
     if (SigLoadSignatures(new_de_ctx, NULL, false) < 0) {
         SCLogError("Loading signatures failed.");
-        goto error;
+        goto new_de_ctx_error;
     }
 
     DetectEngineAddToMaster(new_de_ctx);
@@ -3946,6 +3946,9 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
     DetectEngineDeReference(&old_de_ctx);
     return 0;
 
+new_de_ctx_error:
+    DetectEngineCtxFree(new_de_ctx);
+
 error:
     DetectEngineDeReference(&old_de_ctx);
     return -1;