Fix memory leak in intervention processing

defanator · Felipe Zimmerle · commit c495098964c7 · 2018-04-04T14:38:59.000-03:00
intervention.log is being allocated via strdup() here: https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/transaction.cc#L1362 and should be freed by connector.
diff --git a/src/ngx_http_modsecurity_module.c b/src/ngx_http_modsecurity_module.c
@@ -132,6 +132,7 @@ ngx_inline char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p)
 ngx_inline int
 ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r)
 {
+    char *log = NULL;
     ModSecurityIntervention intervention;
     intervention.status = 200;
     intervention.url = NULL;
@@ -145,11 +146,16 @@ ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_re
         return 0;
     }
 
+    log = intervention.log;
     if (intervention.log == NULL) {
-        intervention.log = "(no log message was specified)";
+        log = "(no log message was specified)";
     }
 
-    ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)r->connection->log, 0, "%s", intervention.log);
+    ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)r->connection->log, 0, "%s", log);
+
+    if (intervention.log != NULL) {
+        free(intervention.log);
+    }
 
     if (intervention.url != NULL)
     {

Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,7 @@ ngx_inline char ngx_str_to_char(ngx_str_t a, ngx_pool_t p)`
`132`	`132`	`ngx_inline int`
`133`	`133`	`ngx_http_modsecurity_process_intervention (Transaction transaction, ngx_http_request_t r)`
`134`	`134`	`{`
	`135`	`+ char *log = NULL;`
`135`	`136`	`ModSecurityIntervention intervention;`
`136`	`137`	`intervention.status = 200;`
`137`	`138`	`intervention.url = NULL;`
`@@ -145,11 +146,16 @@ ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_re`
`145`	`146`	`return 0;`
`146`	`147`	`}`
`147`	`148`
	`149`	`+ log = intervention.log;`
`148`	`150`	`if (intervention.log == NULL) {`
`149`		`- intervention.log = "(no log message was specified)";`
	`151`	`+ log = "(no log message was specified)";`
`150`	`152`	`}`
`151`	`153`
`152`		`- ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)r->connection->log, 0, "%s", intervention.log);`
	`154`	`+ ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)r->connection->log, 0, "%s", log);`
	`155`	`+`
	`156`	`+ if (intervention.log != NULL) {`
	`157`	`+ free(intervention.log);`
	`158`	`+ }`
`153`	`159`
`154`	`160`	`if (intervention.url != NULL)`
`155`	`161`	`{`