From: Joshua Rogers <jrogers@opera.com>
Date: Fri, 19 Nov 2021 16:32:23 +0000 (+0100)
Subject: get_url_spec_param(): Free memory of compiled pattern spec before bailing
X-Git-Tag: v_3_0_33~8
X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=652b4b7cb0

get_url_spec_param(): Free memory of compiled pattern spec before bailing

OVE-20211201-0003. CVE-2021-44540.
---

diff --git a/cgiedit.c b/cgiedit.c
index 3b8b12c9..e73d5ee7 100644
--- a/cgiedit.c
+++ b/cgiedit.c
@@ -1899,12 +1899,12 @@ static jb_err get_url_spec_param(struct client_state *csp,
    }
    err = create_pattern_spec(compiled, s);
    free(s);
+   free_pattern_spec(compiled);
    if (err)
    {
       free(param);
       return (err == JB_ERR_MEMORY) ? JB_ERR_MEMORY : JB_ERR_CGI_PARAMS;
    }
-   free_pattern_spec(compiled);
 
    if (param[strlen(param) - 1] == '\\')
    {
@@ -1935,12 +1935,12 @@ static jb_err get_url_spec_param(struct client_state *csp,
       }
       err = create_pattern_spec(compiled, s);
       free(s);
+      free_pattern_spec(compiled);
       if (err)
       {
          free(param);
          return (err == JB_ERR_MEMORY) ? JB_ERR_MEMORY : JB_ERR_CGI_PARAMS;
       }
-      free_pattern_spec(compiled);
    }
 
    *pvalue = param;