When setting *_URL or *_PROXY in *_setopt(), it is important that we check

and possibly free the existing pointer first, and then clear the "allocated"
bit. We previously mistakenly could free the new pointer passed to us by
the friendly user...!

1 files changed, 14 insertions, 3 deletions

diff --git a/lib/url.c b/lib/url.c
index 6a0d62a81..66eedf473 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -483,9 +483,8 @@ CURLcode Curl_setopt(struct UrlData *data, CURLoption option, ...)
      * Set cookie file to read and parse.
      */
     cookiefile = (char *)va_arg(param, void *);
-    if(cookiefile) {
-      data->cookies = Curl_cookie_init(cookiefile);
-    }
+    if(cookiefile)
+      data->cookies = Curl_cookie_init(cookiefile, data->cookies);
     break;
   case CURLOPT_WRITEHEADER:
     /*
@@ -582,6 +581,11 @@ CURLcode Curl_setopt(struct UrlData *data, CURLoption option, ...)
     /*
      * The URL to fetch.
      */
+    if(data->bits.urlstringalloc) {
+      /* the already set URL is allocated, free it first! */
+      free(data->url);
+      data->bits.urlstringalloc=FALSE;
+    }
     data->url = va_arg(param, char *);
     break;
   case CURLOPT_PORT:
@@ -628,6 +632,13 @@ CURLcode Curl_setopt(struct UrlData *data, CURLoption option, ...)
     /*
      * Set proxy server:port to use as HTTP proxy
      */
+    if(data->bits.proxystringalloc) {
+      /*
+       * The already set string is allocated, free that first
+       */
+      data->bits.proxystringalloc=FALSE;;
+      free(data->proxy);
+    }
     data->proxy = va_arg(param, char *);
     data->bits.httpproxy = data->proxy?1:0;
     break;