52 lines
1.7 KiB
Diff
52 lines
1.7 KiB
Diff
From 4058cf2a7f7e2590c26588c4eb476ac5c029cb5a Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Tue, 25 Sep 2018 07:49:35 +0200
|
|
Subject: [PATCH 100/557] http: fix memleak in rewind error path
|
|
|
|
If the rewind would fail, a strdup() would not get freed.
|
|
|
|
Detected by OSS-Fuzz
|
|
|
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
|
|
Closes #3044
|
|
---
|
|
lib/http.c | 15 +++++++--------
|
|
1 file changed, 7 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/lib/http.c b/lib/http.c
|
|
index 02ba133..47e4719 100644
|
|
--- a/lib/http.c
|
|
+++ b/lib/http.c
|
|
@@ -537,14 +537,6 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
|
|
}
|
|
|
|
if(pickhost || pickproxy) {
|
|
- /* In case this is GSS auth, the newurl field is already allocated so
|
|
- we must make sure to free it before allocating a new one. As figured
|
|
- out in bug #2284386 */
|
|
- Curl_safefree(data->req.newurl);
|
|
- data->req.newurl = strdup(data->change.url); /* clone URL */
|
|
- if(!data->req.newurl)
|
|
- return CURLE_OUT_OF_MEMORY;
|
|
-
|
|
if((data->set.httpreq != HTTPREQ_GET) &&
|
|
(data->set.httpreq != HTTPREQ_HEAD) &&
|
|
!conn->bits.rewindaftersend) {
|
|
@@ -552,6 +544,13 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
|
|
if(result)
|
|
return result;
|
|
}
|
|
+ /* In case this is GSS auth, the newurl field is already allocated so
|
|
+ we must make sure to free it before allocating a new one. As figured
|
|
+ out in bug #2284386 */
|
|
+ Curl_safefree(data->req.newurl);
|
|
+ data->req.newurl = strdup(data->change.url); /* clone URL */
|
|
+ if(!data->req.newurl)
|
|
+ return CURLE_OUT_OF_MEMORY;
|
|
}
|
|
else if((data->req.httpcode < 300) &&
|
|
(!data->state.authhost.done) &&
|
|
--
|
|
1.8.3.1
|
|
|