From c43e078db87b535efa066829f5bd45f2e1917981 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Fri, 27 Sep 2013 14:46:30 +0200
Subject: [PATCH] ipproto: improve cleanup

To address:
~~Dr.M~~ Error #2: LEAK 16 direct bytes 0x08399688-0x08399698 + 2 indirect bytes
~~Dr.M~~ # 0 replace_malloc                      [/work/drmemory_package/common/alloc_replace.c:2292]
~~Dr.M~~ # 1 SigMatchAlloc                       [/home/victor/dev/oisf/src/detect-parse.c:201]
~~Dr.M~~ # 2 DetectIPProtoSetup                  [/home/victor/dev/oisf/src/detect-ipproto.c:523]
~~Dr.M~~ # 3 SigParseOptions                     [/home/victor/dev/oisf/src/detect-parse.c:510]
~~Dr.M~~ # 4 SigParseOptions                     [/home/victor/dev/oisf/src/detect-parse.c:523]
~~Dr.M~~ # 5 SigParse                            [/home/victor/dev/oisf/src/detect-parse.c:881]
~~Dr.M~~ # 6 SigInitHelper                       [/home/victor/dev/oisf/src/detect-parse.c:1309]
~~Dr.M~~ # 7 SigInit                             [/home/victor/dev/oisf/src/detect-parse.c:1456]
~~Dr.M~~ # 8 DetectEngineAppendSig               [/home/victor/dev/oisf/src/detect-parse.c:1728]
~~Dr.M~~ # 9 DetectLoadSigFile                   [/home/victor/dev/oisf/src/detect.c:334]
~~Dr.M~~ #10 SigLoadSignatures                   [/home/victor/dev/oisf/src/detect.c:422]
~~Dr.M~~ #11 LoadSignatures                      [/home/victor/dev/oisf/src/suricata.c:1706]
---
 src/detect-ipproto.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/detect-ipproto.c b/src/detect-ipproto.c
index 81b8fa0912..89e25ca933 100644
--- a/src/detect-ipproto.c
+++ b/src/detect-ipproto.c
@@ -57,6 +57,7 @@ static pcre_extra *parse_regex_study;
 static int DetectIPProtoSetup(DetectEngineCtx *, Signature *, char *);
 static DetectIPProtoData *DetectIPProtoParse(const char *);
 static void DetectIPProtoRegisterTests(void);
+static void DetectIPProtoFree(void *);
 
 void DetectIPProtoRegister(void)
 {
@@ -69,7 +70,7 @@ void DetectIPProtoRegister(void)
     sigmatch_table[DETECT_IPPROTO].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#ip_proto";
     sigmatch_table[DETECT_IPPROTO].Match = NULL;
     sigmatch_table[DETECT_IPPROTO].Setup = DetectIPProtoSetup;
-    sigmatch_table[DETECT_IPPROTO].Free  = NULL;
+    sigmatch_table[DETECT_IPPROTO].Free  = DetectIPProtoFree;
     sigmatch_table[DETECT_IPPROTO].RegisterTests = DetectIPProtoRegisterTests;
 
     parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
@@ -80,15 +81,18 @@ void DetectIPProtoRegister(void)
     }
 
     parse_regex_study = pcre_study(parse_regex, 0, &eb);
-    if (eb != NULL) {
-        SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
+    if (parse_regex_study == NULL || eb != NULL) {
+        SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb ? eb : "unknown");
         goto error;
     }
 
     return;
 
 error:
-    /* XXX */
+    if (parse_regex)
+        pcre_free(parse_regex);
+    if (parse_regex_study)
+        pcre_free_study(parse_regex_study);
     return;
 }
 
@@ -547,12 +551,20 @@ void DetectIPProtoRemoveAllSMs(Signature *s)
         }
         SigMatch *tmp_sm = sm->next;
         SigMatchRemoveSMFromList(s, sm, DETECT_SM_LIST_MATCH);
+        SigMatchFree(sm);
         sm = tmp_sm;
     }
 
     return;
 }
 
+static void DetectIPProtoFree(void *ptr) {
+    DetectIPProtoData *data = (DetectIPProtoData *)ptr;
+    if (data) {
+        SCFree(data);
+    }
+}
+
 /* UNITTESTS */
 #ifdef UNITTESTS