HTTP: memory leak on multiple Location:

The HTTP parser allocated memory on each received Location: header without properly freeing old data. Starting now, the code only considers the first Location: header and will blissfully ignore subsequent ones. Bug: http://curl.haxx.se/bug/view.cgi?id=3165129 Reported by: Martin Lemke
2024-12-21 23:58:49 -05:00 · 2011-01-25 12:06:50 +01:00 · 2011-01-25 12:06:50 +01:00 · dbcaa00657
commit dbcaa00657
parent 4b837a7e15
3 changed files with 61 additions and 2 deletions
--- a/lib/http.c
+++ b/lib/http.c
@ -3723,7 +3723,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
        return result;
    }
    else if((k->httpcode >= 300 && k->httpcode < 400) &&
-            checkprefix("Location:", k->p)) {
+            checkprefix("Location:", k->p) &&
+            !data->req.location) {
      /* this is the URL that the server advises us to use instead */
      char *location = Curl_copy_header_value(k->p);
      if (!location)
@ -3732,7 +3733,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
        /* ignore empty data */
        free(location);
      else {
-        DEBUGASSERT(!data->req.location);
        data->req.location = location;

        if(data->set.http_follow_location) {
--- a/tests/data/test580
+++ b/tests/data/test580
@ -0,0 +1,58 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+multi
+Duplicate-header
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 eat this!
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Location: this-is-the-first.html
+Content-Length: 0
+Connection: close
+Location: and there's a second one too! / moo.html
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+http
+</features>
+# tool is what to use instead of 'curl'
+<tool>
+lib507
+</tool>
+
+ <name>
+multi interface, multiple Location: headers
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/580
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /580 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
--- a/tests/libtest/lib507.c
+++ b/tests/libtest/lib507.c
@ -48,6 +48,7 @@ int test(char *URL)
  }

  test_setopt(curls, CURLOPT_URL, URL);
+  test_setopt(curls, CURLOPT_HEADER, 1L);

  if ((ret = curl_multi_add_handle(multi, curls)) != CURLM_OK) {
    fprintf(stderr, "curl_multi_add_handle() failed, "