Fix memory leak that occurs on JSON parsing error

[vkrivopalov]

ModSecurity uses a dynamically allocated error message when JSON parsing
fails but never releases it properly.

Signed-off-by: Vladimir Krivopalov [email protected]

[zimmerle]

Thank you for the contribution @argenet.

[marcstern]

We're using this in prod from Feb. in dozens of environments

[vloup]

This PR cannot get merged since release v2.9.5.

This is my suggested rebase:

diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index d69e9eb7..7d76dc05 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -355,7 +355,9 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
        if (msr->json->depth_limit_exceeded) {
            *error_msg = "JSON depth limit exceeded";
        } else {
-           *error_msg = yajl_get_error(msr->json->handle, 0, NULL, 0);
+           char *yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
+           *error_msg = apr_pstrdup(msr->mp, yajl_err);
+           yajl_free_error(msr->json->handle, yajl_err);
        }
         return -1;
     }
@@ -379,7 +381,9 @@ int json_complete(modsec_rec *msr, char **error_msg) {
        if (msr->json->depth_limit_exceeded) {
            *error_msg = "JSON depth limit exceeded";
        } else {
-           *error_msg = yajl_get_error(msr->json->handle, 0, NULL, 0);
+           char *yajl_err = yajl_get_error(msr->json->handle, 0, NULL, 0);
+           *error_msg = apr_pstrdup(msr->mp, yajl_err);
+           yajl_free_error(msr->json->handle, yajl_err);
        }
 
         return -1;

What do you think @argenet ?

[martinhsv]

Replaced by equivalent #2663 and merged.

Thanks all.