moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

Curl_http2_done: fix memleak in error path 

Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
early failures.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
Closes #3046
This commit is contained in:
Daniel Stenberg 2018-09-25 11:48:43 +02:00
parent 4058cf2a7f
commit 304bb2f7c1
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/http2.c
View File

@ -1142,12 +1142,8 @@ void Curl_http2_done(struct connectdata *conn, bool premature)
struct HTTP *http = data->req.protop;
struct http_conn *httpc = &conn->proto.httpc;
if(!httpc->h2) /* not HTTP/2 ? */
return;
if(data->state.drain)
drained_transfer(data, httpc);
/* there might be allocated resources done before this got the 'h2' pointer
setup */
if(http->header_recvbuf) {
Curl_add_buffer_free(&http->header_recvbuf);
Curl_add_buffer_free(&http->trailer_recvbuf);
@ -1161,6 +1157,12 @@ void Curl_http2_done(struct connectdata *conn, bool premature)
}
}
if(!httpc->h2) /* not HTTP/2 ? */
return;
if(data->state.drain)
drained_transfer(data, httpc);
if(premature) {
/* RST_STREAM */
if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE,