mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
smtp: Fixed inappropriate free of the scratch buffer
If the scratch buffer was allocated in a previous call to
Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent
call and no action taken by that call, then an attempt would be made to
try and free the buffer which, by now, would be part of the data->state
structure.
This bug was introduced in commit 4bd860a001
.
This commit is contained in:
parent
f0ecdd04d3
commit
8a4ce7d0f5
@ -2321,6 +2321,7 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread)
|
||||
struct SessionHandle *data = conn->data;
|
||||
struct SMTP *smtp = data->req.protop;
|
||||
char *scratch = data->state.scratch;
|
||||
char *newscratch = NULL;
|
||||
char *oldscratch = NULL;
|
||||
size_t eob_sent;
|
||||
|
||||
@ -2328,8 +2329,8 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread)
|
||||
if(!scratch || data->set.crlf) {
|
||||
oldscratch = scratch;
|
||||
|
||||
scratch = malloc(2 * BUFSIZE);
|
||||
if(!scratch) {
|
||||
scratch = newscratch = malloc(2 * BUFSIZE);
|
||||
if(!newscratch) {
|
||||
failf(data, "Failed to alloc scratch buffer!");
|
||||
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
@ -2401,7 +2402,7 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread)
|
||||
data->req.upload_present = si;
|
||||
}
|
||||
else
|
||||
Curl_safefree(scratch);
|
||||
Curl_safefree(newscratch);
|
||||
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user