1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00

Fix HSTS memory issue + test code issue

* src/hsts.c (hsts_find_entry): Fix freeing memory
  (hsts_remove_entry): Remove freeing host member
  (hsts_match): Free host member here
  (hsts_store_entry): Free host member here
  (test_url_rewrite): Fix 'created' value
  (test_hsts_read_database): Fix 'created' value

Reported-by: Dagobert Michelsen <dam@opencsw.org>
This commit is contained in:
Tim Rühsen 2015-11-18 10:58:56 +01:00 committed by Tim Rühsen
parent 76da642aaf
commit 99aa7b4f5e

View File

@ -148,13 +148,14 @@ hsts_find_entry (hsts_store_t store,
end: end:
/* restore pointer or we'll get a SEGV */ /* restore pointer or we'll get a SEGV */
k->host = org_ptr; k->host = org_ptr;
xfree (k->host);
/* copy parameters to previous frame */ /* copy parameters to previous frame */
if (match_type) if (match_type)
*match_type = match; *match_type = match;
if (kh) if (kh)
memcpy (kh, k, sizeof (struct hsts_kh)); memcpy (kh, k, sizeof (struct hsts_kh));
else
xfree (k->host);
xfree (k); xfree (k);
return khi; return khi;
@ -236,8 +237,7 @@ hsts_new_entry (hsts_store_t store,
static void static void
hsts_remove_entry (hsts_store_t store, struct hsts_kh *kh) hsts_remove_entry (hsts_store_t store, struct hsts_kh *kh)
{ {
if (hash_table_remove (store->table, kh)) hash_table_remove (store->table, kh);
xfree (kh->host);
} }
static bool static bool
@ -375,9 +375,10 @@ hsts_match (hsts_store_t store, struct url *u)
else else
hsts_remove_entry (store, kh); hsts_remove_entry (store, kh);
} }
xfree (kh->host);
} }
xfree(kh); xfree (kh);
return url_changed; return url_changed;
} }
@ -451,9 +452,10 @@ hsts_store_entry (hsts_store_t store,
result = hsts_add_entry (store, host, port, max_age, include_subdomains); result = hsts_add_entry (store, host, port, max_age, include_subdomains);
} }
/* we ignore new entries with max_age == 0 */ /* we ignore new entries with max_age == 0 */
xfree (kh->host);
} }
xfree(kh); xfree (kh);
return result; return result;
} }
@ -613,7 +615,7 @@ test_url_rewrite (hsts_store_t s, const char *url, int port, bool rewrite)
if (rewrite) if (rewrite)
{ {
if (port == 80) if (port == 80)
mu_assert("URL: port should've been rewritten to 443", u.port == 443); mu_assert("URL: port should've been rewritten to 443", u.port == 443);
else else
mu_assert("URL: port should've been left intact", u.port == port); mu_assert("URL: port should've been left intact", u.port == port);
mu_assert("URL: scheme should've been rewritten to HTTPS", u.scheme == SCHEME_HTTPS); mu_assert("URL: scheme should've been rewritten to HTTPS", u.scheme == SCHEME_HTTPS);
@ -686,7 +688,7 @@ test_hsts_url_rewrite_superdomain (void)
s = open_hsts_test_store (); s = open_hsts_test_store ();
mu_assert("Could not open the HSTS store", s != NULL); mu_assert("Could not open the HSTS store", s != NULL);
created = hsts_store_entry (s, SCHEME_HTTPS, "www.foo.com", 443, time(NULL) + 1234, true); created = hsts_store_entry (s, SCHEME_HTTPS, "www.foo.com", 443, 1234, true);
mu_assert("A new entry should've been created", created == true); mu_assert("A new entry should've been created", created == true);
TEST_URL_RW (s, "www.foo.com", 80); TEST_URL_RW (s, "www.foo.com", 80);
@ -707,7 +709,7 @@ test_hsts_url_rewrite_congruent (void)
s = open_hsts_test_store (); s = open_hsts_test_store ();
mu_assert("Could not open the HSTS store", s != NULL); mu_assert("Could not open the HSTS store", s != NULL);
created = hsts_store_entry (s, SCHEME_HTTPS, "foo.com", 443, time(NULL) + 1234, false); created = hsts_store_entry (s, SCHEME_HTTPS, "foo.com", 443, 1234, false);
mu_assert("A new entry should've been created", created == true); mu_assert("A new entry should've been created", created == true);
TEST_URL_RW (s, "foo.com", 80); TEST_URL_RW (s, "foo.com", 80);
@ -726,6 +728,7 @@ test_hsts_read_database (void)
char *home = home_dir(); char *home = home_dir();
char *file = NULL; char *file = NULL;
FILE *fp = NULL; FILE *fp = NULL;
time_t created = time(NULL) - 10;
if (home) if (home)
{ {
@ -734,9 +737,9 @@ test_hsts_read_database (void)
if (fp) if (fp)
{ {
fputs ("# dummy comment\n", fp); fputs ("# dummy comment\n", fp);
fputs ("foo.example.com\t0\t1\t1434224817\t123123123\n", fp); fprintf (fp, "foo.example.com\t0\t1\t%ld\t123\n",(long) created);
fputs ("bar.example.com\t0\t0\t1434224817\t456456456\n", fp); fprintf (fp, "bar.example.com\t0\t0\t%ld\t456\n", (long) created);
fputs ("test.example.com\t8080\t0\t1434224817\t789789789\n", fp); fprintf (fp, "test.example.com\t8080\t0\t%ld\t789\n", (long) created);
fclose (fp); fclose (fp);
table = hsts_store_open (file); table = hsts_store_open (file);