From 7263df622125892b8dc11244c4dd6b740eea206c Mon Sep 17 00:00:00 2001 
From: Tomas Hozza Date: Mon, 30 Jul 2018 15:38:45 +0200 Subject: [PATCH 2/6] Fix RESOURCE LEAK in http.c found by Coverity Error: RESOURCE_LEAK (CWE-772): wget-1.19.5/src/http.c:2434: alloc_fn: Storage is returned from allocation function "xmalloc". wget-1.19.5/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc". wget-1.19.5/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)". wget-1.19.5/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p". wget-1.19.5/src/http.c:2434: var_assign: Assigning: "auth_stat" = storage returned from "xmalloc(4UL)". wget-1.19.5/src/http.c:2446: noescape: Resource "auth_stat" is not freed or pointed-to in "create_authorization_line". wget-1.19.5/src/http.c:5203:70: noescape: "create_authorization_line(char const *, char const *, char const *, char const *, char const *, _Bool *, uerr_t *)" does not free or save its parameter "auth_err". wget-1.19.5/src/http.c:2476: leaked_storage: Variable "auth_stat" going out of scope leaks the storage it points to. \# 2474| /* Creating the Authorization header went wrong */ \# 2475| } \# 2476|-> } \# 2477| else \# 2478| { Error: RESOURCE_LEAK (CWE-772): wget-1.19.5/src/http.c:2431: alloc_fn: Storage is returned from allocation function "url_full_path". wget-1.19.5/src/url.c:1105:19: alloc_fn: Storage is returned from allocation function "xmalloc". wget-1.19.5/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc". wget-1.19.5/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)". wget-1.19.5/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p". wget-1.19.5/src/url.c:1105:19: var_assign: Assigning: "full_path" = "xmalloc(length + 1)". wget-1.19.5/src/url.c:1107:3: noescape: Resource "full_path" is not freed or pointed-to in function "full_path_write". wget-1.19.5/src/url.c:1078:47: noescape: "full_path_write(struct url const *, char *)" does not free or save its parameter "where". 
wget-1.19.5/src/url.c:1110:3: return_alloc: Returning allocated memory "full_path". wget-1.19.5/src/http.c:2431: var_assign: Assigning: "pth" = storage returned from "url_full_path(u)". wget-1.19.5/src/http.c:2446: noescape: Resource "pth" is not freed or pointed-to in "create_authorization_line". wget-1.19.5/src/http.c:5203:40: noescape: "create_authorization_line(char const *, char const *, char const *, char const *, char const *, _Bool *, uerr_t *)" does not free or save its parameter "path". wget-1.19.5/src/http.c:2476: leaked_storage: Variable "pth" going out of scope leaks the storage it points to. \# 2474| /* Creating the Authorization header went wrong */ \# 2475| } \# 2476|-> } \# 2477| else \# 2478| { Both "pth" and "auth_stat" are allocated in "check_auth()" function. These are used for creating the HTTP Authorization Request header via "create_authorization_line()" function. In case the creation went OK (auth_err == RETROK), then the memory previously allocated to "pth" and "auth_stat" is freed. However if the creation failed, then the memory is never freed and it leaks. Signed-off-by: Tomas Hozza
---
 src/http.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/http.c b/src/http.c
index 093be167..4e0d467a 100644
--- a/src/http.c
+++ b/src/http.c
@@ -2451,6 +2451,8 @@ check_auth (const struct url *u, char *user, char *passwd, struct response *resp
 auth_stat);
 auth_err = *auth_stat;
+ xfree (auth_stat);
+ xfree (pth);
 if (auth_err == RETROK)
 {
 request_set_header (req, "Authorization", value, rel_value);
@@ -2464,8 +2466,6 @@ check_auth (const struct url *u, char *user, char *passwd, struct response *resp
 register_basic_auth_host (u->host);
 }
- xfree (pth);
- xfree (auth_stat);
 *retry = true;
 goto cleanup;
 }
-- 
2.17.1
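Review bot: `value` may still leak on the failure path this patch targets. In the first hunk it is handed to `request_set_header (req, "Authorization", value, rel_value);` only when `auth_err == RETROK`, and the Coverity excerpt in the commit message shows the other branch holding nothing but the comment `/* Creating the Authorization header went wrong */`. If `create_authorization_line` can return allocated storage while also reporting an error (its body is not visible here), that branch should release it with `xfree (value);`. Freeing before the branch is safe only while nothing in the success branch reads `pth` or `auth_stat`, and the lines between the two hunks are not shown. A comment above the two new calls such as `/* auth_err is the only result still needed; release both buffers before branching */` would record that. check_auth starts and ends outside both hunks.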