generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

HTTP: memory leak on multiple Location:

Browse Source 
The HTTP parser allocated memory on each received Location: header
without properly freeing old data. Starting now, the code only considers
the first Location: header and will blissfully ignore subsequent ones.

Bug: http://curl.haxx.se/bug/view.cgi?id=3165129
Reported by: Martin Lemke
This commit is contained in:
Daniel Stenberg 2011-01-25 12:06:50 +01:00
parent 4b837a7e15
commit dbcaa00657
3 changed files with 61 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/http.c
View File

@ -3723,7 +3723,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
return result; return result;
} }
else if((k->httpcode >= 300 && k->httpcode < 400) && else if((k->httpcode >= 300 && k->httpcode < 400) &&
checkprefix("Location:", k->p)) { checkprefix("Location:", k->p) &&
!data->req.location) {
/* this is the URL that the server advises us to use instead */ /* this is the URL that the server advises us to use instead */
char *location = Curl_copy_header_value(k->p); char *location = Curl_copy_header_value(k->p);
if (!location) if (!location)
@ -3732,7 +3733,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
/* ignore empty data */ /* ignore empty data */
free(location); free(location);
else { else {
DEBUGASSERT(!data->req.location);
data->req.location = location; data->req.location = location;
if(data->set.http_follow_location) { if(data->set.http_follow_location) {

58
tests/data/test580 Normal file
View File

@ -0,0 +1,58 @@
<testcase>
<info>
<keywords>
HTTP
HTTP GET
multi
Duplicate-header
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 302 eat this!
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Location: this-is-the-first.html
Content-Length: 0
Connection: close
Location: and there's a second one too! / moo.html
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<features>
http
</features>
# tool is what to use instead of 'curl'
<tool>
lib507
</tool>
<name>
multi interface, multiple Location: headers
</name>
<command>
http://%HOSTIP:%HTTPPORT/580
</command>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET /580 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
</protocol>
</verify>
</testcase>

1
tests/libtest/lib507.c
View File

@ -48,6 +48,7 @@ int test(char *URL)
} }
test_setopt(curls, CURLOPT_URL, URL); test_setopt(curls, CURLOPT_URL, URL);
test_setopt(curls, CURLOPT_HEADER, 1L);
if ((ret = curl_multi_add_handle(multi, curls)) != CURLM_OK) { if ((ret = curl_multi_add_handle(multi, curls)) != CURLM_OK) {
fprintf(stderr, "curl_multi_add_handle() failed, " fprintf(stderr, "curl_multi_add_handle() failed, "