mirror of
https://github.com/moparisthebest/curl
synced 2025-01-12 22:48:02 -05:00
http: fix memleak in rewind error path
If the rewind would fail, a strdup() would not get freed. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665 Closes #3044
This commit is contained in:
parent
16fefeee1e
commit
4058cf2a7f
15
lib/http.c
15
lib/http.c
@ -537,14 +537,6 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(pickhost || pickproxy) {
|
if(pickhost || pickproxy) {
|
||||||
/* In case this is GSS auth, the newurl field is already allocated so
|
|
||||||
we must make sure to free it before allocating a new one. As figured
|
|
||||||
out in bug #2284386 */
|
|
||||||
Curl_safefree(data->req.newurl);
|
|
||||||
data->req.newurl = strdup(data->change.url); /* clone URL */
|
|
||||||
if(!data->req.newurl)
|
|
||||||
return CURLE_OUT_OF_MEMORY;
|
|
||||||
|
|
||||||
if((data->set.httpreq != HTTPREQ_GET) &&
|
if((data->set.httpreq != HTTPREQ_GET) &&
|
||||||
(data->set.httpreq != HTTPREQ_HEAD) &&
|
(data->set.httpreq != HTTPREQ_HEAD) &&
|
||||||
!conn->bits.rewindaftersend) {
|
!conn->bits.rewindaftersend) {
|
||||||
@ -552,6 +544,13 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
|
|||||||
if(result)
|
if(result)
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
/* In case this is GSS auth, the newurl field is already allocated so
|
||||||
|
we must make sure to free it before allocating a new one. As figured
|
||||||
|
out in bug #2284386 */
|
||||||
|
Curl_safefree(data->req.newurl);
|
||||||
|
data->req.newurl = strdup(data->change.url); /* clone URL */
|
||||||
|
if(!data->req.newurl)
|
||||||
|
return CURLE_OUT_OF_MEMORY;
|
||||||
}
|
}
|
||||||
else if((data->req.httpcode < 300) &&
|
else if((data->req.httpcode < 300) &&
|
||||||
(!data->state.authhost.done) &&
|
(!data->state.authhost.done) &&
|
||||||
|
Loading…
Reference in New Issue
Block a user