[GNUnet-SVN] [gnurl] 203/220: security:read_data fix bad realloc()
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 203/220: security:read_data fix bad realloc()
Date: Thu, 12 Sep 2019 17:29:23 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 9069838b30fb3b48af0123e39f664cea683254a5
Author: Daniel Stenberg <address@hidden>
AuthorDate: Tue Sep 3 22:59:32 2019 +0200
security:read_data fix bad realloc()
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
---
lib/security.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/security.c b/lib/security.c
index 550ea2da8..c5e4e135d 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
struct krb5buffer *buf)
{
int len;
- void *tmp = NULL;
CURLcode result;
result = socket_read(fd, &len, sizeof(len));
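Review bot: `int len;` at the top of read_data() stays a signed int although it is filled straight from the socket by `socket_read(fd, &len, sizeof(len))` and then used as a byte count. A peer value with the top bit set ends up negative once the converted length is stored back into it, and becomes a very large number when it is later passed as a size. Suggest an unsigned 32-bit type for the wire length, or an explicit rejection of negative values right after the read.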
@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
if(len) {
/* only realloc if there was a length */
len = ntohl(len);
- tmp = Curl_saferealloc(buf->data, len);
+ buf->data = Curl_saferealloc(buf->data, len);
}
- if(tmp == NULL)
+ if(!len || !buf->data)
return CURLE_OUT_OF_MEMORY;
- buf->data = tmp;
result = socket_read(fd, buf->data, len);
if(result)
return result;
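Review bot: in `if(!len || !buf->data)` a zero length announced by the peer is reported as CURLE_OUT_OF_MEMORY, which labels malformed input as an allocation failure; test `!len` on its own and return an error code that fits a bad length. The peer-supplied `len` also reaches `Curl_saferealloc(buf->data, len)` with no upper bound, so a cap on the accepted length before the realloc would keep the remote side from dictating the allocation size. Assigning the result directly to `buf->data` is only safe because Curl_saferealloc frees the original block when it fails; a short comment saying so would keep a later change to plain realloc() from bringing back the stale pointer.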