From 1bf55502dcad69e14ab9fe2b35fd29a15ab19c89 Mon Sep 17 00:00:00 2001
From: Zemeteri Kamimizu <zemeterisan@gmail.com>
Date: Thu, 3 Oct 2024 13:05:55 +0300
Subject: [PATCH] detect: add new_de_ctx release in case of errors in
 initialization

Detect engine tenant reloading function hasn't got engine release call
under error label, so it is possible memory leak in case of errors in
further new detect engine initialization.

Bug: #7303
(cherry picked from commit adcac9ee0f8a20b68ca394ce0628063bc5c2ce7c)
---
 src/detect-engine.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/detect-engine.c b/src/detect-engine.c
index c86366314513..9cfb222dd421 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -3919,12 +3919,12 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
     new_de_ctx->tenant_path = SCStrdup(filename);
     if (new_de_ctx->tenant_path == NULL) {
         SCLogError("Failed to duplicate path");
-        goto error;
+        goto new_de_ctx_error;
     }
 
     if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) {
         SCLogError("Loading signatures failed.");
-        goto error;
+        goto new_de_ctx_error;
     }
 
     DetectEngineAddToMaster(new_de_ctx);
@@ -3934,6 +3934,9 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
     DetectEngineDeReference(&old_de_ctx);
     return 0;
 
+new_de_ctx_error:
+    DetectEngineCtxFree(new_de_ctx);
+
 error:
     DetectEngineDeReference(&old_de_ctx);
     return -1;