curl-library

Re: PATCH: prevent a double free() with a malformed LDAP URL

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 21 Aug 2013 23:31:14 +0200 (CEST)

On Wed, 21 Aug 2013, Geoff Beier wrote:

> We're seeing a crash in libcurl with the Windows system LDAP support built
> in, where libcurl will attempt to free memory twice when a URL parse fails.

> I believe I've followed the instructions for patch formatting and such, but
> if I've gotten something wrong please let me know.

Thanks!

The patch is formatted fine and all, I only have some concerns on the actual
functionality it brings.

How exactly is the ->lud_attrs pointer freed twice? With you assigning it to
NULL everywhere on errors you instead introduce memory leaks since it'll skip
freeing completely. Or am I reading it wrong?

Bonus issue: unescape_elements() goes through several pointers and replaces
them with "unescaped" versions. The only problem there is that
curl_easy_unescape() returns a newly allocated string and the function doesn't
free the previous strings that were unescaped and no longer used. It so looks
like a memory leak to me!

-- 
  / daniel.haxx.se
Received on 2013-08-21
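
The "bonus issue" from the mail above, as an added C example that is not part of the original message or of libcurl's source. `demo_unescape()` is a hypothetical stand-in for `curl_easy_unescape()` (it returns a new allocation and, as an assumption of this demo only, NULL on a malformed `%XX`); `replace_unescaped()` and `leaked_after()` are illustrative names. A live-allocation counter shows the leak when the superseded string is not freed, and shows that leaving the pointer untouched on failure lets one cleanup pass free everything exactly once.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
static int live;                       /* outstanding allocations (demo bookkeeping) */
static void *xmalloc(size_t n) { void *p = malloc(n); if(p) live++; return p; }
static void xfree(void *p) { if(p) { live--; free(p); } }

/* Hypothetical stand-in for curl_easy_unescape(): returns a NEW buffer.
   Assumption of this demo: it returns NULL on a malformed %XX sequence. */
static char *demo_unescape(const char *in)
{
  char *out = xmalloc(strlen(in) + 1), *o = out;
  if(!out) return NULL;
  while(*in) {
    if(*in != '%') { *o++ = *in++; continue; }
    if(!isxdigit((unsigned char)in[1]) || !isxdigit((unsigned char)in[2])) {
      xfree(out); return NULL;         /* malformed escape: nothing handed out */
    }
    char hex[3] = { in[1], in[2], '\0' };
    *o++ = (char)strtol(hex, NULL, 16);
    in += 3;
  }
  *o = '\0';
  return out;
}

/* Swap *field for its unescaped copy. free_old=0 reproduces the leak from the
   mail; free_old=1 frees the old string. On failure *field stays untouched. */
static int replace_unescaped(char **field, int free_old)
{
  char *fresh = *field ? demo_unescape(*field) : NULL;
  if(!fresh) return -1;
  if(free_old) xfree(*field);
  *field = fresh;
  return 0;
}

/* Unescape up to 4 fields, then clean up; returns allocations still live. */
int leaked_after(const char **src, int n, int free_old)
{
  char *f[4] = { 0 };
  int i, rc = 0;
  live = 0; if(n > 4) n = 4;
  for(i = 0; i < n; i++)
    if((f[i] = xmalloc(strlen(src[i]) + 1)) != NULL) strcpy(f[i], src[i]);
  for(i = 0; i < n && !rc; i++) rc = replace_unescaped(&f[i], free_old);
  for(i = 0; i < 4; i++) { xfree(f[i]); f[i] = NULL; }  /* one owner, one free */
  return live;
}
```
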