diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2011-01-25 12:06:50 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2011-01-25 12:06:50 +0100 |
| commit | dbcaa0065719acc0383307f13d02d3d0c9b5c635 (patch) | |
| tree | ba5429e85c29deb20b592350552744d3a8631963 | |
| parent | 4b837a7e1541c151f6ea16fde92b6f57c5827d8a (diff) | |
HTTP: memory leak on multiple Location:
The HTTP parser allocated memory on each received Location: header
without properly freeing old data. Starting now, the code only considers
the first Location: header and will blissfully ignore subsequent ones.
Bug: http://curl.haxx.se/bug/view.cgi?id=3165129
Reported by: Martin Lemke
| -rw-r--r-- | lib/http.c | 4 | ||||
| -rw-r--r-- | tests/data/test580 | 58 | ||||
| -rw-r--r-- | tests/libtest/lib507.c | 1 |
3 files changed, 61 insertions, 2 deletions
diff --git a/lib/http.c b/lib/http.c index b61426ec5..40ae6b7db 100644 --- a/lib/http.c +++ b/lib/http.c @@ -3723,7 +3723,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data, return result; } else if((k->httpcode >= 300 && k->httpcode < 400) && - checkprefix("Location:", k->p)) { + checkprefix("Location:", k->p) && + !data->req.location) { /* this is the URL that the server advises us to use instead */ char *location = Curl_copy_header_value(k->p); if (!location) @@ -3732,7 +3733,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data, /* ignore empty data */ free(location); else { - DEBUGASSERT(!data->req.location); data->req.location = location; if(data->set.http_follow_location) { diff --git a/tests/data/test580 b/tests/data/test580 new file mode 100644 index 000000000..8256f0e2e --- /dev/null +++ b/tests/data/test580 @@ -0,0 +1,58 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP GET +multi +Duplicate-header +</keywords> +</info> + +# Server-side +<reply> +<data> +HTTP/1.1 302 eat this! +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Location: this-is-the-first.html +Content-Length: 0 +Connection: close +Location: and there's a second one too! / moo.html + +</data> +</reply> + +# Client-side +<client> +<server> +http +</server> +<features> +http +</features> +# tool is what to use instead of 'curl' +<tool> +lib507 +</tool> + + <name> +multi interface, multiple Location: headers + </name> + <command> +http://%HOSTIP:%HTTPPORT/580 +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET /580 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol> +</verify> +</testcase> diff --git a/tests/libtest/lib507.c b/tests/libtest/lib507.c index 9707c9b07..012d8f454 100644 --- a/tests/libtest/lib507.c +++ b/tests/libtest/lib507.c @@ -48,6 +48,7 @@ int test(char *URL) } test_setopt(curls, CURLOPT_URL, URL); + test_setopt(curls, CURLOPT_HEADER, 1L); if ((ret = curl_multi_add_handle(multi, curls)) != CURLM_OK) { fprintf(stderr, "curl_multi_add_handle() failed, " |