From a58b27740fd78fee88b35104fa71b7019280ccff Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Thu, 13 Dec 2018 10:15:00 +0100 Subject: [PATCH] OS400: handle memory error in list conversion Curl_slist_append_nodup() returns NULL when it fails to create a new item for the specified list, and since the coding here reassigned the new list on top of the old list it would result in a dangling pointer and lost memory. Also, in case we hit an allocation failure at some point during the conversion, with allocation succeeding again on the subsequent call(s) we will return a truncated list around the malloc failure point. Fix by assigning to a temporary list pointer, which can be checked (which is the common pattern for slist appending), and free all the resources on allocation failure. Closes #3372 Reviewed-by: Daniel Stenberg --- packages/OS400/ccsidcurl.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c index b1d3ba845..ca711d0c0 100644 --- a/packages/OS400/ccsidcurl.c +++ b/packages/OS400/ccsidcurl.c @@ -219,13 +219,20 @@ slist_convert(int dccsid, struct curl_slist * from, int sccsid) struct curl_slist * to = (struct curl_slist *) NULL; for(; from; from = from->next) { + struct curl_slist *nl; char * cp = dynconvert(dccsid, from->data, -1, sccsid); if(!cp) { curl_slist_free_all(to); return (struct curl_slist *) NULL; } - to = Curl_slist_append_nodup(to, cp); + nl = Curl_slist_append_nodup(to, cp); + if(!nl) { + curl_slist_free_all(to); + free(cp); + return NULL; + } + to = nl; } return to; }