Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/libexec/httpd avoid memory leak in sending multiple auth hea...
details: https://anonhg.NetBSD.org/src/rev/a16c5fc212a3
branches: trunk
changeset: 994713:a16c5fc212a3
user: mrg <mrg%NetBSD.org@localhost>
date: Mon Nov 19 04:13:09 2018 +0000
description:
avoid memory leak in sending multiple auth headers.
mostly mitigated by previous patch to limit total header size,
but still a real problem here.
diffstat:
libexec/httpd/auth-bozo.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diffs (29 lines):
diff -r dfb9f2a5cb42 -r a16c5fc212a3 libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Mon Nov 19 04:12:22 2018 +0000
+++ b/libexec/httpd/auth-bozo.c Mon Nov 19 04:13:09 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-bozo.c,v 1.18 2015/12/27 10:21:35 mrg Exp $ */
+/* $NetBSD: auth-bozo.c,v 1.19 2018/11/19 04:13:09 mrg Exp $ */
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
@@ -147,6 +147,10 @@
char *pass = NULL;
ssize_t alen;
+ /* free prior entries. */
+ free(request->hr_authuser);
+ free(request->hr_authpass);
+
alen = base64_decode((unsigned char *)str + 6,
(size_t)(len - 6),
(unsigned char *)authbuf,
@@ -158,8 +162,6 @@
return bozo_http_error(httpd, 400, request,
"bad authorization field");
*pass++ = '\0';
- free(request->hr_authuser);
- free(request->hr_authpass);
request->hr_authuser = bozostrdup(httpd, request, authbuf);
request->hr_authpass = bozostrdup(httpd, request, pass);
debug((httpd, DEBUG_FAT,
Home |
Main Index |
Thread Index |
Old Index