1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 17:18:48 -05:00

security:read_data fix bad realloc()

... that could end up a double-free

CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
This commit is contained in:
Daniel Stenberg 2019-09-03 22:59:32 +02:00
parent facb0e4662
commit 9069838b30
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
struct krb5buffer *buf) struct krb5buffer *buf)
{ {
int len; int len;
void *tmp = NULL;
CURLcode result; CURLcode result;
result = socket_read(fd, &len, sizeof(len)); result = socket_read(fd, &len, sizeof(len));
@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
if(len) { if(len) {
/* only realloc if there was a length */ /* only realloc if there was a length */
len = ntohl(len); len = ntohl(len);
tmp = Curl_saferealloc(buf->data, len); buf->data = Curl_saferealloc(buf->data, len);
} }
if(tmp == NULL) if(!len || !buf->data)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
buf->data = tmp;
result = socket_read(fd, buf->data, len); result = socket_read(fd, buf->data, len);
if(result) if(result)
return result; return result;