From c26cb9abd386cf751e20292775a1c16ab6c39578 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Sun, 24 Nov 2024 21:23:40 +0100
Subject: [PATCH] detect/transform: fix leak in xor transform parse

Fixes: 8984bc680112 ("transforms: move xor to rust")
---
 rust/src/detect/transforms/xor.rs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/rust/src/detect/transforms/xor.rs b/rust/src/detect/transforms/xor.rs
index cf801170d9..b8b40400ac 100644
--- a/rust/src/detect/transforms/xor.rs
+++ b/rust/src/detect/transforms/xor.rs
@@ -60,13 +60,17 @@ unsafe fn xor_parse(raw: *const std::os::raw::c_char) -> *mut c_void {
 
 #[no_mangle]
 unsafe extern "C" fn xor_setup(
-    _de: *mut c_void, s: *mut c_void, opt_str: *const std::os::raw::c_char,
+    de: *mut c_void, s: *mut c_void, opt_str: *const std::os::raw::c_char,
 ) -> c_int {
     let ctx = xor_parse(opt_str);
     if ctx.is_null() {
         return -1;
     }
-    return DetectSignatureAddTransform(s, G_TRANSFORM_XOR_ID, ctx);
+    let r = DetectSignatureAddTransform(s, G_TRANSFORM_XOR_ID, ctx);
+    if r != 0 {
+        xor_free(de, ctx);
+    }
+    return r;
 }
 
 fn xor_transform_do(input: &[u8], output: &mut [u8], ctx: &DetectTransformXorData) {
-- 
2.47.2