duphandle: make dupset() not return with pointers to old alloced data

As the blob pointers are to be duplicated, the function must not return
mid-function with lingering pointers to the old handle's allocated data,
as that would lead to double-free in OOM situations.

Make sure to clear all destination pointers first to avoid this risk.

Closes #12337
Daniel Stenberg 2023-11-16 10:04:35 +01:00
parent 626365ef82
commit 54a385e3fa
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -837,8 +837,10 @@ static CURLcode dupset(struct Curl_easy *dst, struct Curl_easy *src)
dst->set = src->set;
Curl_mime_initpart(&dst->set.mimepost);
/* clear all string pointers first */
/* clear all dest string and blob pointers first, in case we error out
mid-function */
memset(dst->set.str, 0, STRING_LAST * sizeof(char *));
memset(dst->set.blobs, 0, BLOB_LAST * sizeof(struct curl_blob *));
/* duplicate all strings */
for(i = (enum dupstring)0; i< STRING_LASTZEROTERMINATED; i++) {
@ -847,8 +849,6 @@ static CURLcode dupset(struct Curl_easy *dst, struct Curl_easy *src)
return result;
}
/* clear all blob pointers first */
memset(dst->set.blobs, 0, BLOB_LAST * sizeof(struct curl_blob *));
/* duplicate all blobs */
for(j = (enum dupblob)0; j < BLOB_LAST; j++) {
result = Curl_setblobopt(&dst->set.blobs[j], src->set.blobs[j]);
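Review bot: The two `memset` calls in the first hunk only clear `dst->set.str` and `dst->set.blobs`, so any other owning pointer carried across by the shallow copy `dst->set = src->set` would still alias the source handle if one of the early `return result;` paths is taken. The struct and the rest of dupset() are not visible here, so this may already be handled (the `Curl_mime_initpart(&dst->set.mimepost)` call suggests mimepost is), but it is worth confirming that no other member ends up freed through both handles. I would also state the invariant in the comment, for example `/* dst->set is a shallow copy of src->set here: NULL every owned pointer before the first return, or cleanup of dst frees src's data too */`. If `str` and `blobs` are arrays inside the struct, `sizeof(dst->set.str)` and `sizeof(dst->set.blobs)` would keep the cleared size tied to the declarations. dupset() begins before and continues past the visible lines.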