1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

curl_sasl: Fix memory leak in digest parser

If any parameter in a HTTP DIGEST challenge message is present multiple
times, memory allocated for all but the last entry should be freed.

Bug: https://github.com/curl/curl/pull/667
This commit is contained in:
Emil Lerner 2016-02-19 03:47:27 +03:00 committed by Jay Satiro
parent fe37695aa9
commit 3fa220a6a5

View File

@ -782,6 +782,7 @@ CURLcode Curl_sasl_decode_digest_http_message(const char *chlg,
/* Extract a value=content pair */
if(!Curl_sasl_digest_get_pair(chlg, value, content, &chlg)) {
if(Curl_raw_equal(value, "nonce")) {
free(digest->nonce);
digest->nonce = strdup(content);
if(!digest->nonce)
return CURLE_OUT_OF_MEMORY;
@ -793,11 +794,13 @@ CURLcode Curl_sasl_decode_digest_http_message(const char *chlg,
}
}
else if(Curl_raw_equal(value, "realm")) {
free(digest->realm);
digest->realm = strdup(content);
if(!digest->realm)
return CURLE_OUT_OF_MEMORY;
}
else if(Curl_raw_equal(value, "opaque")) {
free(digest->opaque);
digest->opaque = strdup(content);
if(!digest->opaque)
return CURLE_OUT_OF_MEMORY;
@ -825,17 +828,20 @@ CURLcode Curl_sasl_decode_digest_http_message(const char *chlg,
/* Select only auth or auth-int. Otherwise, ignore */
if(foundAuth) {
free(digest->qop);
digest->qop = strdup(DIGEST_QOP_VALUE_STRING_AUTH);
if(!digest->qop)
return CURLE_OUT_OF_MEMORY;
}
else if(foundAuthInt) {
free(digest->qop);
digest->qop = strdup(DIGEST_QOP_VALUE_STRING_AUTH_INT);
if(!digest->qop)
return CURLE_OUT_OF_MEMORY;
}
}
else if(Curl_raw_equal(value, "algorithm")) {
free(digest->algorithm);
digest->algorithm = strdup(content);
if(!digest->algorithm)
return CURLE_OUT_OF_MEMORY;