Hello,

I think there's a memory leak in authz.c, oidc_authz_match_expression.
In the 'else if' branch there's a loop in which oidc_pcre_exec is called. This function allocates pcre->match_data. This match_data is indeed freed, but only once, outside the loop. So if the loop is executed several times, match_data is allocated several times but only the last allocation is freed.

I propose the attached patch.
oidc_pcre.txt