1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

cookie: fix memory leak if path was set twice in header

... this will let the second occurance override the first.

Added test 1161 to verify.

Reported-by: Max Dymond
Fixes #1932
Closes #1933
This commit is contained in:
Daniel Stenberg 2017-09-30 14:10:12 +02:00
parent cecffff561
commit 8392a0cf61
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 56 additions and 1 deletions

View File

@ -499,6 +499,7 @@ Curl_cookie_add(struct Curl_easy *data,
badcookie = TRUE; /* out of memory bad */ badcookie = TRUE; /* out of memory bad */
break; break;
} }
free(co->spath); /* if this is set again */
co->spath = sanitize_cookie_path(co->path); co->spath = sanitize_cookie_path(co->path);
if(!co->spath) { if(!co->spath) {
badcookie = TRUE; /* out of memory bad */ badcookie = TRUE; /* out of memory bad */

View File

@ -123,7 +123,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \
test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \
test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
\ \
test1160 \ test1160 test1161 \
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
test1216 test1217 test1218 test1219 \ test1216 test1217 test1218 test1219 \

54
tests/data/test1161 Normal file
View File

@ -0,0 +1,54 @@
<testcase>
<info>
<keywords>
HTTP
HTTP GET
cookies
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Content-Length: 0
Set-Cookie: ckyPersistent=permanent;path=;path=/
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
HTTP cookie with path set twice
</name>
<command>
http://%HOSTIP:%HTTPPORT/1161 -c log/cookies1161.txt
</command>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET /1161 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
</protocol>
<file name="log/cookies1161.txt">
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
127.0.0.1 FALSE / FALSE 0 ckyPersistent permanent
</file>
</verify>
</testcase>