
formpost: fix memory leaks in AddFormData error branches

Reported-by: Dmitry-Me
Fixes #688
Daniel Stenberg 2016-02-29 20:32:08 +01:00
parent ae7d6b7154
commit c2a809cd26


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -825,28 +825,34 @@ static CURLcode AddFormData(struct FormData **formp,
curl_off_t length, curl_off_t length,
curl_off_t *size) curl_off_t *size)
{ {
struct FormData *newform = malloc(sizeof(struct FormData)); struct FormData *newform;
char *alloc2 = NULL;
CURLcode result = CURLE_OK;
if(length < 0 || (size && *size < 0))
return CURLE_BAD_FUNCTION_ARGUMENT;
newform = malloc(sizeof(struct FormData));
if(!newform) if(!newform)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
newform->next = NULL; newform->next = NULL;
if(length < 0 || (size && *size < 0))
return CURLE_BAD_FUNCTION_ARGUMENT;
if(type <= FORM_CONTENT) { if(type <= FORM_CONTENT) {
/* we make it easier for plain strings: */ /* we make it easier for plain strings: */
if(!length) if(!length)
length = strlen((char *)line); length = strlen((char *)line);
#if (SIZEOF_SIZE_T < CURL_SIZEOF_CURL_OFF_T) #if (SIZEOF_SIZE_T < CURL_SIZEOF_CURL_OFF_T)
else if(length >= (curl_off_t)(size_t)-1) else if(length >= (curl_off_t)(size_t)-1) {
return CURLE_BAD_FUNCTION_ARGUMENT; result = CURLE_BAD_FUNCTION_ARGUMENT;
goto error;
}
#endif #endif
newform->line = malloc((size_t)length+1); newform->line = malloc((size_t)length+1);
if(!newform->line) { if(!newform->line) {
free(newform); result = CURLE_OUT_OF_MEMORY;
return CURLE_OUT_OF_MEMORY; goto error;
} }
alloc2 = newform->line;
memcpy(newform->line, line, (size_t)length); memcpy(newform->line, line, (size_t)length);
newform->length = (size_t)length; newform->length = (size_t)length;
newform->line[(size_t)length]=0; /* zero terminate for easier debugging */ newform->line[(size_t)length]=0; /* zero terminate for easier debugging */
@ -877,12 +883,20 @@ static CURLcode AddFormData(struct FormData **formp,
struct_stat file; struct_stat file;
if(!stat(newform->line, &file) && !S_ISDIR(file.st_mode)) if(!stat(newform->line, &file) && !S_ISDIR(file.st_mode))
*size += filesize(newform->line, file); *size += filesize(newform->line, file);
else else {
return CURLE_BAD_FUNCTION_ARGUMENT; result = CURLE_BAD_FUNCTION_ARGUMENT;
goto error;
}
} }
} }
} }
return CURLE_OK; return CURLE_OK;
error:
if(newform)
free(newform);
if(alloc2)
free(alloc2);
return result;
} }
/* /*
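Review bot: The `goto error` added in the stat() failure branch frees `newform` at a point where the node may already be reachable through `*formp`. The lines between the second and third hunks are not shown here, but if the new node is linked into the list before the size computation (as the `struct FormData **formp` parameter suggests), the caller is left holding a dangling pointer, and a later walk or cleanup of the form list would read or free memory that has already been released. The safer ordering is to do the list linking only after every failure path has passed, immediately before `return CURLE_OK;`, so that the `error:` label only ever frees memory nothing else points to. Separately, the guards at the label are redundant: `newform` is always non-NULL there and `free(NULL)` is a no-op, so `free(alloc2); free(newform);` is enough.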