From 652b4b7cb07592c0912cf938a50fcd009fa29a0a Mon Sep 17 00:00:00 2001
From: Joshua Rogers
Date: Fri, 19 Nov 2021 17:32:23 +0100
Subject: [PATCH] get_url_spec_param(): Free memory of compiled pattern spec before bailing OVE-20211201-0003. CVE-2021-44540.
---
 cgiedit.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cgiedit.c b/cgiedit.c
index 3b8b12c9..e73d5ee7 100644
--- a/cgiedit.c
+++ b/cgiedit.c
@@ -1899,12 +1899,12 @@ static jb_err get_url_spec_param(struct client_state *csp,
 }
 err = create_pattern_spec(compiled, s);
 free(s);
+ free_pattern_spec(compiled);
 if (err)
 {
 free(param);
 return (err == JB_ERR_MEMORY) ? JB_ERR_MEMORY : JB_ERR_CGI_PARAMS;
 }
- free_pattern_spec(compiled);
 if (param[strlen(param) - 1] == '\\')
 {
@@ -1935,12 +1935,12 @@ static jb_err get_url_spec_param(struct client_state *csp,
 }
 err = create_pattern_spec(compiled, s);
 free(s);
+ free_pattern_spec(compiled);
 if (err)
 {
 free(param);
 return (err == JB_ERR_MEMORY) ? JB_ERR_MEMORY : JB_ERR_CGI_PARAMS;
 }
- free_pattern_spec(compiled);
 }
 *pvalue = param;
--
2.39.2
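Review bot: The now-unconditional `free_pattern_spec(compiled)` after `free(s)` relies on `create_pattern_spec()` leaving `compiled` in a freeable state when it fails (zeroed or fully initialised, with nothing already released and left dangling), which neither hunk shows and the code does not document. If that contract ever changes, this leak fix would become a free of uninitialised or already-freed pointers in what appears to be a handler for request-supplied CGI parameters. I would state the contract at the call site, e.g. `/* compiled is only used to validate the pattern; create_pattern_spec() must leave it safe to free even on failure */`. The hunk at -1935 has the same sequence and needs the same comment, and since the five lines are duplicated a small static helper would keep the two sites from drifting apart. The body of get_url_spec_param() starts and ends outside both hunks.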