From 0cd736af2250d3ab48dd83673dd79dd117012a0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
Date: Wed, 17 Jun 2026 21:54:15 +0200
Subject: [PATCH] relay/api: fix memory leak in resources "handshake", "input"
 and "completion"

---
 CHANGELOG.md                               |  1 +
 src/plugins/relay/api/relay-api-protocol.c | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf40e0055..243f9cece 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 ### Fixed
 
 - core: fix buffer overflow in connection to SOCKS5 proxy ([#2325](https://github.com/weechat/weechat/issues/2325))
+- relay/api: fix memory leak in resources "handshake", "input" and "completion"
 - xfer: fix out-of-bounds write in xfer file transfer resume ([#2326](https://github.com/weechat/weechat/issues/2326))
 
 ## Version 4.9.2 (2026-06-07)
diff --git a/src/plugins/relay/api/relay-api-protocol.c b/src/plugins/relay/api/relay-api-protocol.c
index f17392165..f1f9babe4 100644
--- a/src/plugins/relay/api/relay-api-protocol.c
+++ b/src/plugins/relay/api/relay-api-protocol.c
@@ -402,7 +402,10 @@ RELAY_API_PROTOCOL_CALLBACK(handshake)
     if (json_body)
     {
         if (!cJSON_IsObject (json_body))
+        {
+            cJSON_Delete (json_body);
             return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+        }
         json_algos = cJSON_GetObjectItem (json_body, "password_hash_algo");
         if (json_algos)
         {
@@ -781,8 +784,13 @@ RELAY_API_PROTOCOL_CALLBACK(input)
     char str_delay[32];
 
     json_body = cJSON_Parse (client->http_req->body);
-    if (!json_body || !cJSON_IsObject (json_body))
+    if (!json_body)
         return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+    if (!cJSON_IsObject (json_body))
+    {
+        cJSON_Delete (json_body);
+        return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+    }
 
     /* get buffer either by name or by id */
     ptr_buffer = NULL;
@@ -908,8 +916,13 @@ RELAY_API_PROTOCOL_CALLBACK(completion)
     struct t_gui_buffer *ptr_buffer;
 
     json_body = cJSON_Parse (client->http_req->body);
-    if (!json_body || !cJSON_IsObject(json_body))
+    if (!json_body)
         return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+    if (!cJSON_IsObject(json_body))
+    {
+        cJSON_Delete (json_body);
+        return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+    }
 
     /* get buffer either by name or by id */
     ptr_buffer = NULL;