aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrei Cipu <acipu@ixiacom.com>2012-03-22 08:52:45 +0100
committerDaniel Stenberg <daniel@haxx.se>2012-03-22 08:56:33 +0100
commit97b66ebefe2090aea734af57c5e7e182a97f20bb (patch)
tree0c4ee585898a45aa1da238013ed04f61212a8e4c
parentd2e5222ebc1568d54a2d6068250391345b99cc82 (diff)
cookies: strip the numerical ipv6 host properly
The commit e650dbde86d4 that stripped off [brackets] from ipv6-only host headers for the sake of cookie parsing wrongly incremented the host pointer which would cause a bad free() call later on.
-rw-r--r--lib/http.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/http.c b/lib/http.c
index a8b3e28fd..ec76bbe46 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1851,9 +1851,13 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
the bracket has been closed */
int startsearch = 0;
if(*cookiehost == '[') {
- char *closingbracket = strchr(++cookiehost, ']');
+ char *closingbracket;
+ closingbracket = strchr(cookiehost+1, ']');
if(closingbracket)
*closingbracket = 0;
+ /* since the 'cookiehost' is an allocated memory area that will be
+ freed later we cannot simply increment the pointer */
+ memmove(cookiehost, cookiehost + 1, strlen(cookiehost) - 1);
}
else {
char *colon = strchr(cookiehost + startsearch, ':');