I think there's a memory leak in authz.c, oidc_authz_match_expression.
In the 'else if' branch there's a loop in which oidc_pcre_exec is called. This function allocates pcre->match_data. This match_data is indeed freed, but only once, outside the loop. So if the loop is executed several times, match_data is allocated several times but only the last allocation is freed.
Hello,
I think there's a memory leak in authz.c, oidc_authz_match_expression. In the 'else if' branch there's a loop in which
oidc_pcre_execis called. This function allocatespcre->match_data. Thismatch_datais indeed freed, but only once, outside the loop. So if the loop is executed several times,match_datais allocated several times but only the last allocation is freed.I propose the attached patch. oidc_pcre.txt