cURL / Mailing Lists / curl-library / Single Mail

curl-library

Memory leak in MD5 implementation

From: Michael Mueller <mmueller_at_vigilantsw.com>
Date: Sun, 22 Apr 2012 17:07:18 -0700

Hi all,

Sentry (our static analyzer) picked up a minor memory leak in curl
recently, in md5.c's Curl_MD5_init():

MD5_context* ctxt;

/* Create MD5 context */
ctxt = malloc(sizeof *ctxt);

if(!ctxt)
return ctxt;

ctxt->md5_hashctx = malloc(md5params->md5_ctxtsize);

if(!ctxt->md5_hashctx)
return ctxt->md5_hashctx; // Error: ctxt leaked

Admittedly it's a rare condition that malloc would fail here, but you
may want to free(ctxt) before returning. (Also, it's a little strange
to return ctxt->md5_hashctx instead of simply NULL.)

Introduced here:
https://github.com/bagder/curl/commit/004d725

Best,
Mike

-- 
Mike Mueller
Phone: (401) 405-1525
Email: mmueller_at_vigilantsw.com
http://www.vigilantsw.com/
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2012-04-23

This message: [ Message body ]
Next message: Weitian Leung: "Couldn't connect to http://IP:PORT/xxxx"
Previous message: Guenter: "Re: problem with cross-compile configure --with-librtmp"
Next in thread: Daniel Stenberg: "Re: Memory leak in MD5 implementation"
Reply: Daniel Stenberg: "Re: Memory leak in MD5 implementation"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]