detect: add new_de_ctx release in case of errors in initialization

Detect engine tenant reloading function hasn't got engine release call under error label, so it is possible memory leak in case of errors in further new detect engine initialization. Bug: #7303 (cherry picked from commit adcac9e)
OISF · Oct 21, 2024 · 1bf5550 · 1bf5550
1 parent 8810d7f
commit 1bf5550
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/detect-engine.c b/src/detect-engine.c
@@ -3919,12 +3919,12 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
  new_de_ctx->tenant_path = SCStrdup(filename);
  if (new_de_ctx->tenant_path == NULL) {
  SCLogError("Failed to duplicate path");
- goto error;
+ goto new_de_ctx_error;
  }
 
  if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) {
  SCLogError("Loading signatures failed.");
- goto error;
+ goto new_de_ctx_error;
  }
 
  DetectEngineAddToMaster(new_de_ctx);
@@ -3934,6 +3934,9 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
  DetectEngineDeReference(&old_de_ctx);
  return 0;
 
+new_de_ctx_error:
+ DetectEngineCtxFree(new_de_ctx);
+
 error:
  DetectEngineDeReference(&old_de_ctx);
  return -1;