From c48d1d6d08996116cbcea55cd3fc6c2a558e499a Mon Sep 17 00:00:00 2001
From: Joshua Rogers <jrogers@opera.com>
Date: Fri, 19 Nov 2021 18:57:26 +0100
Subject: [PATCH 1/1] send_http_request(): Prevent memory leaks when handling
 errors

OVE-20211201-0001. CVE-2021-44542.
---
 jcc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/jcc.c b/jcc.c
index 659521c7..2d6ba77d 100644
--- a/jcc.c
+++ b/jcc.c
@@ -2206,6 +2206,7 @@ static int send_http_request(struct client_state *csp)
          update_client_headers(csp, to_send_len))
       {
          log_error(LOG_LEVEL_HEADER, "Error updating client headers");
+         freez(to_send);
          return 1;
       }
       csp->expected_client_content_length = 0;
@@ -2230,6 +2231,10 @@ static int send_http_request(struct client_state *csp)
    {
       log_error(LOG_LEVEL_CONNECT, "Failed sending request headers to: %s: %E",
          csp->http->hostport);
+      if (filter_client_body)
+      {
+         freez(to_send);
+      }
       return 1;
    }
 
-- 
2.39.2