From 620c4863eca6414788412e53e46afacaeebda27e Mon Sep 17 00:00:00 2001
From: Heiko Weber <heiko@wecos.de>
Date: Thu, 16 Jun 2022 12:28:55 +0200
Subject: [PATCH] Fix possible leaks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- content_type_dup may leak on further post request
- local content_type isn’t free’ed on unsupported content-type
---
 main/SAPI.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/main/SAPI.c b/main/SAPI.c
index 70ed6a2b9c835..538b79f1cd4c9 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -209,8 +209,12 @@ static void sapi_read_post_data(void)
 		SG(request_info).post_entry = NULL;
 		if (!sapi_module.default_post_reader) {
 			/* no default reader ? */
-			SG(request_info).content_type_dup = NULL;
+			if (SG(request_info).content_type_dup) {
+				efree(SG(request_info).content_type_dup);
+				SG(request_info).content_type_dup = NULL;
+			}
 			sapi_module.sapi_error(E_WARNING, "Unsupported content type:  '%s'", content_type);
+			efree(content_type);
 			return;
 		}
 	}
@@ -218,6 +222,9 @@ static void sapi_read_post_data(void)
 		*(p-1) = oldchar;
 	}
 
+	if (SG(request_info).content_type_dup) {
+		efree(SG(request_info).content_type_dup);
+	}
 	SG(request_info).content_type_dup = content_type;
 
 	if(post_reader_func) {
@@ -466,6 +473,9 @@ SAPI_API void sapi_activate(void)
 			 * depending on given content type */
 			sapi_read_post_data();
 		} else {
+			if (SG(request_info).content_type_dup) {
+				efree(SG(request_info).content_type_dup);
+			}
 			SG(request_info).content_type_dup = NULL;
 		}