curl-library
Re: [PATCH] Missing NULL strdup() check in multi.c:1327
Date: Fri, 21 Aug 2009 07:28:02 -0400
On Aug 21, 2009, at 3:35 AM, Daniel Stenberg wrote:
> On Wed, 19 Aug 2009, Andre Guibert de Bruet wrote:
>
>> There appears to be a missing NULL-allocation check in
>> multi_runsingle() for the newurl parameter that is passed to
>> Curl_retry_request() (Where the allocation is actually performed).
>> Presently, this NULL pointer ends up being passed to sscanf() in
>> is_absolute_url(), through the Curl_follow() call.
>>
>> The attached patch addresses the issue. Could it be committed upon
>> review?
>
> Ah yes, thanks.
>
> I think the patch was a bit too simple and bailed out a little too
> much upon that error. I took this somewhat further and poked the
> Curl_retry_request() function to properly return an error code
> instead and then the change ends up somewhat larger. See my attached
> patch. Oh, and also the code in CVS changed a bit with johansen's
> pipelining fixes so this probably won't apply to anything that isn't
> pretty much CVS HEAD
>
> Comments anyone?
Looks perfect!
Cheers,
/* Andre Guibert de Bruet * 436f 6465 2070 6f65 742e 2042 6974 206a */
/* Managing Partner * 6f63 6b65 792e 2053 7973 4164 6d69 6e2e */
/* GSM: +1 734 846 8758 * 2055 4e49 5820 736c 6575 7468 2e00 0000 */
/* WWW: siliconlandmark.com * C/C++, Java, Perl, PHP, SQL, XHTML, XML */
Received on 2009-08-21