From: Victor Julien <victor@inliniac.net>
Date: Mon, 29 Jan 2018 10:26:01 +0000 (+0100)
Subject: pcre: don't leak memory in data extraction
X-Git-Tag: suricata-4.0.4~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6936c34fa8a80bc74f70fc8f3ef4e1701394656;p=thirdparty%2Fsuricata.git

pcre: don't leak memory in data extraction
---

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index 888492a579..20776ddd1e 100644
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -223,19 +223,23 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
                 uint8_t x;
                 for (x = 0; x < pe->idx; x++) {
                     SCLogDebug("capturing %u", x);
-                    const char *str_ptr;
+                    const char *str_ptr = NULL;
                     ret = pcre_get_substring((char *)ptr, ov, MAX_SUBSTRINGS, x+1, &str_ptr);
-                    if (unlikely(ret == 0))
+                    if (unlikely(ret == 0)) {
+                        pcre_free_substring(str_ptr);
                         continue;
+                    }
 
                     SCLogDebug("data %p/%u, type %u id %u p %p",
                             str_ptr, ret, pe->captypes[x], pe->capids[x], p);
 
                     if (pe->captypes[x] == VAR_TYPE_PKT_VAR_KV) {
                         /* get the value, as first capture is the key */
-                        const char *str_ptr2;
+                        const char *str_ptr2 = NULL;
                         int ret2 = pcre_get_substring((char *)ptr, ov, MAX_SUBSTRINGS, x+2, &str_ptr2);
                         if (unlikely(ret2 == 0)) {
+                            pcre_free_substring(str_ptr);
+                            pcre_free_substring(str_ptr2);
                             break;
                         }
                         /* key length is limited to 256 chars */