- David Binderman found a memory and fd leak in lib/gtls.c:load_file()

(https://bugzilla.novell.com/523919). When looking at the code, I found
  that also the ptr pointer can leak.
This commit is contained in:
Michal Marek 2009-07-22 09:48:32 +00:00
parent 650543a042
commit 4c207a004c
3 changed files with 16 additions and 6 deletions

View File

@ -6,6 +6,10 @@
Changelog
Michal Marek (22 Jul 2009)
- David Binderman found a memory and fd leak in lib/gtls.c:load_file()
(https://bugzilla.novell.com/523919). When looking at the code, I found
that also the ptr pointer can leak.
Kamil Dudka (20 Jul 2009)
- Claes Jakobsson improved the support for client certificates handling
in NSS-powered libcurl. Now the client certificates can be selected

View File

@ -32,6 +32,7 @@ This release includes the following bugfixes:
o curl -o - sends data to stdout using binary mode on windows
o fixed the separators for "array" style string that CURLINFO_CERTINFO returns
o auth problem over several hosts with re-used connection
o fix leak in gtls code
This release includes the following known bugs:
@ -44,6 +45,6 @@ advice from friends like these:
Andre Guibert de Bruet, Mike Crowe, Claes Jakobsson, John E. Malmberg,
Aaron Oneal, Igor Novoseltsev, Eric Wong, Bill Hoffman, Daniel Steinberg,
Fabian Keil, Michal Marek, Reuven Wachtfogel, Markus Koetter,
Constantine Sapuntzakis
Constantine Sapuntzakis, David Binderman
Thanks! (and sorry if I forgot to mention someone)

View File

@ -148,17 +148,22 @@ static gnutls_datum load_file (const char *file)
long filelen;
void *ptr;
if (!(f = fopen(file, "r"))
|| fseek(f, 0, SEEK_END) != 0
if (!(f = fopen(file, "r")))
return loaded_file;
if (fseek(f, 0, SEEK_END) != 0
|| (filelen = ftell(f)) < 0
|| fseek(f, 0, SEEK_SET) != 0
|| !(ptr = malloc((size_t)filelen))
|| fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) {
return loaded_file;
|| !(ptr = malloc((size_t)filelen)))
goto out;
if (fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) {
free(ptr);
goto out;
}
loaded_file.data = ptr;
loaded_file.size = (unsigned int)filelen;
out:
fclose(f);
return loaded_file;
}