[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 27/153: reuse_conn(): free old_conn->options
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 27/153: reuse_conn(): free old_conn->options |
Date: |
Tue, 11 Sep 2018 12:51:38 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit a7091ba75d820612ec260da805e9148397eddfcd
Author: Even Rouault <address@hidden>
AuthorDate: Wed Jul 25 11:22:51 2018 +0200
reuse_conn(): free old_conn->options
This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
connection reuse.
I found this with oss-fuzz on GDAL and curl master:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
I couldn't reproduce with the oss-fuzz original test case, but looking
at curl source code pointed to this well reproducable leak.
Closes #2790
---
lib/url.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/url.c b/lib/url.c
index 5f520e91e..04f46b45f 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3971,6 +3971,7 @@ static void reuse_conn(struct connectdata *old_conn,
Curl_safefree(old_conn->user);
Curl_safefree(old_conn->passwd);
+ Curl_safefree(old_conn->options);
Curl_safefree(old_conn->http_proxy.user);
Curl_safefree(old_conn->socks_proxy.user);
Curl_safefree(old_conn->http_proxy.passwd);
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 37/153: TODO: Support Authority Information Access certificate extension (AIA), (continued)
- [GNUnet-SVN] [gnurl] 37/153: TODO: Support Authority Information Access certificate extension (AIA), gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 35/153: test1157: test -H from empty file, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 39/153: test1157: follow-up to 35ecffb9, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 40/153: sws: handle EINTR when calling select(), gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 05/153: ares: check for NULL in completed-callback, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 28/153: wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 43/153: smb: fix memory leak on early failure, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 16/153: RELEASE-NOTES: sync, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 13/153: darwinssl: add support for ALPN negotiation, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 34/153: curl: Fix segfault when -H @headerfile is empty, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 27/153: reuse_conn(): free old_conn->options,
gnunet <=
- [GNUnet-SVN] [gnurl] 08/153: docs/SECURITY-PROCESS: mention bounty, drop pre-notify, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 19/153: http2: several cleanups, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 02/153: schannel: fix MinGW compile break, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 04/153: conn: remove the boolean 'inuse' field, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 20/153: test214: disable MSYS2's POSIX path conversion for URL, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 12/153: test1422: add required file feature, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 10/153: smb: fix memory-leak in URL parse error path, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 32/153: docs/examples: add hiperfifo example using linux epoll/timerfd, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 30/153: docs/CURLOPT_URL: fix indentation, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 31/153: docs/INSTALL.md: minor formatting fixes, gnunet, 2018/09/11