[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 241/256: cookie: fix memory leak if path was set tw
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 241/256: cookie: fix memory leak if path was set twice in header |
Date: |
Fri, 06 Oct 2017 19:45:32 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 8392a0cf612eaf045addc0b5d8da6d287be33907
Author: Daniel Stenberg <address@hidden>
AuthorDate: Sat Sep 30 14:10:12 2017 +0200
cookie: fix memory leak if path was set twice in header
... this will let the second occurance override the first.
Added test 1161 to verify.
Reported-by: Max Dymond
Fixes #1932
Closes #1933
---
lib/cookie.c | 1 +
tests/data/Makefile.inc | 2 +-
tests/data/test1161 | 54 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index 1d7defd84..271f6d49d 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -499,6 +499,7 @@ Curl_cookie_add(struct Curl_easy *data,
badcookie = TRUE; /* out of memory bad */
break;
}
+ free(co->spath); /* if this is set again */
co->spath = sanitize_cookie_path(co->path);
if(!co->spath) {
badcookie = TRUE; /* out of memory bad */
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 4366f4b99..823d27548 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -123,7 +123,7 @@ test1128 test1129 test1130 test1131 test1132 test1133
test1134 test1135 \
test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \
test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
\
-test1160 \
+test1160 test1161 \
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
test1216 test1217 test1218 test1219 \
diff --git a/tests/data/test1161 b/tests/data/test1161
new file mode 100644
index 000000000..179531314
--- /dev/null
+++ b/tests/data/test1161
@@ -0,0 +1,54 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+cookies
+</keywords>
+</info>
+
+# Server-side
+<reply>
+
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 0
+Set-Cookie: ckyPersistent=permanent;path=;path=/
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP cookie with path set twice
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1161 -c log/cookies1161.txt
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1161 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+<file name="log/cookies1161.txt">
+# Netscape HTTP Cookie File
+# https://curl.haxx.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+127.0.0.1 FALSE / FALSE 0 ckyPersistent permanent
+</file>
+</verify>
+</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 143/256: mime: use CURL_ZERO_TERMINATED in examples, (continued)
- [GNUnet-SVN] [gnurl] 143/256: mime: use CURL_ZERO_TERMINATED in examples, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 46/256: request-target.d: mention added in 7.55.0, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 56/256: winbuild: fix embedded manifest option, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 236/256: connect: fix race condition with happy eyeballs timeout, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 44/256: makefile.m32: add support for libidn2, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 167/256: vtls: switch to CURL_SHA256_DIGEST_LENGTH define, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 54/256: examples/threaded-ssl: mention that this is for openssl before 1.1, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 188/256: checksrc: detect and warn for multiple spaces, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 233/256: http: add custom empty headers to repeated requests, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 115/256: ossfuzz: moving towards the ideal integration, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 241/256: cookie: fix memory leak if path was set twice in header,
gnunet <=
- [GNUnet-SVN] [gnurl] 49/256: test1453: Fixed <features>, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 204/256: curl: make str2udouble not return values on error, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 225/256: symbols-in-versions: fix CURLSSLSET_NO_BACKENDS entry, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 196/256: docs: clarify the CURLOPT_INTERLEAVE* options behavior, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 154/256: mime: unified to use the typedef'd mime structs everywhere, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 246/256: FTP: zero terminate the entry path even on bad input, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 102/256: RELEASE-NOTES: synced with 8c33c963a, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 238/256: test1160: verifies cookie leak for large cookies, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 245/256: cmake: disable tests and man generation if perl/nroff not found, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 150/256: examples/mime: minor example code fixes, gnunet, 2017/10/06