From c6582df2e5e3a92ba4b90e2a6cfaeb89f61bcadf Mon Sep 17 00:00:00 2001
From: Martin Vierula
Date: Wed, 29 Dec 2021 06:46:25 -0800
Subject: [PATCH] Fix memory leak that occurs on JSON parsing error
---
 CHANGES | 2 ++
 apache2/msc_json.c | 10 ++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index dde61508..e54a3d98 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@ DD mmm YYYY - 2.9.x (to be released) ------------------- + * Fix memory leak that occurs on JSON parsing error + [Issue #2236 @argenet, @vloup, @martinhsv] * Multipart names/filenames may include single quote if double-quote enclosed [Issue #2352 @martinhsv] * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index d69e9eb7..c781b3ae 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -351,11 +351,12 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
 /* Feed our parser and catch any errors */
 msr->json->status = yajl_parse(msr->json->handle, buf, size);
 if (msr->json->status != yajl_status_ok) {
- /* We need to free the yajl error message later, how to do this? */
 if (msr->json->depth_limit_exceeded) {
 *error_msg = "JSON depth limit exceeded";
 } else {
- *error_msg = yajl_get_error(msr->json->handle, 0, NULL, 0);
+ char *yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
+ *error_msg = apr_pstrdup(msr->mp, yajl_err);
+ yajl_free_error(msr->json->handle, yajl_err);
 }
 return -1;
 }
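Review bot: The new `yajl_get_error(msr->json->handle, 0, buf, size)` call in the else branch hands the raw request body to the error formatter, while the matching call in json_complete (second hunk) still passes `NULL, 0`. As far as I know yajl only reads those two arguments when the verbose flag is non-zero, so nothing changes today, but anyone who later sets verbose to 1 would get a slice of client-controlled JSON copied into `*error_msg` and from there presumably into the logs; I would either keep `NULL, 0` here or add `/* verbose must stay 0: the verbose form echoes request bytes into the message */`. In both hunks yajl_get_error returns `unsigned char *`, so the local is better declared `unsigned char *yajl_err` with `*error_msg = apr_pstrdup(msr->mp, (const char *)yajl_err);` to avoid a pointer-sign warning. `*error_msg` is also left NULL if yajl could not allocate the message, which callers outside this hunk would need to tolerate. json_process_chunk starts above the hunk.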
@@ -375,11 +376,12 @@ int json_complete(modsec_rec *msr, char **error_msg) {
 /* Wrap up the parsing process */
 msr->json->status = yajl_complete_parse(msr->json->handle);
 if (msr->json->status != yajl_status_ok) {
- /* We need to free the yajl error message later, how to do this? */
 if (msr->json->depth_limit_exceeded) {
 *error_msg = "JSON depth limit exceeded";
 } else {
- *error_msg = yajl_get_error(msr->json->handle, 0, NULL, 0);
+ char *yajl_err = yajl_get_error(msr->json->handle, 0, NULL, 0);
+ *error_msg = apr_pstrdup(msr->mp, yajl_err);
+ yajl_free_error(msr->json->handle, yajl_err);
 }
 return -1;