5fa0f87ce8
- add latest improvements, up to patch 35 git-svn-id: svn://svn.openwrt.org/openwrt/packages@36096 3c298f89-4303-0410-b956-a3cf2f4a3e73
49 lines
1.4 KiB
Diff
49 lines
1.4 KiB
Diff
From 022ff7d0fd38505dbd87d7224ca20d1cdc729f01 Mon Sep 17 00:00:00 2001
|
|
From: Willy Tarreau <w@1wt.eu>
|
|
Date: Thu, 24 Jan 2013 02:26:43 +0100
|
|
Subject: BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage
|
|
|
|
A test is obviously wrong in uri_auth(). If strdup(pass) returns an error
|
|
while strdup(user) passes, the NULL pointer is still stored into the
|
|
structure. If the user returns the NULL instead, the allocated memory is
|
|
not released before returning the error.
|
|
|
|
The issue was present in 1.4 so the fix should be backported.
|
|
|
|
Reported-by: Dinko Korunic <dkorunic@reflected.net>
|
|
(cherry picked from commit 0b291bdef1b9b6b539f44aa896eb1211c57a67a5)
|
|
---
|
|
src/uri_auth.c | 13 ++++++++++---
|
|
1 files changed, 10 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/uri_auth.c b/src/uri_auth.c
|
|
index fdbcef0..2344ac6 100644
|
|
--- a/src/uri_auth.c
|
|
+++ b/src/uri_auth.c
|
|
@@ -247,12 +247,19 @@ struct uri_auth *stats_add_auth(struct uri_auth **root, char *user)
|
|
return NULL;
|
|
|
|
newuser->user = strdup(user);
|
|
- newuser->pass = strdup(pass);
|
|
- newuser->flags |= AU_O_INSECURE;
|
|
+ if (!newuser->user) {
|
|
+ free(newuser);
|
|
+ return NULL;
|
|
+ }
|
|
|
|
- if (!newuser->user || !newuser->user)
|
|
+ newuser->pass = strdup(pass);
|
|
+ if (!newuser->pass) {
|
|
+ free(newuser->user);
|
|
+ free(newuser);
|
|
return NULL;
|
|
+ }
|
|
|
|
+ newuser->flags |= AU_O_INSECURE;
|
|
newuser->next = u->userlist->users;
|
|
u->userlist->users = newuser;
|
|
|
|
--
|
|
1.7.1
|
|
|