aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2011-01-25 12:06:50 +0100
committerDaniel Stenberg <daniel@haxx.se>2011-01-25 12:06:50 +0100
commitdbcaa0065719acc0383307f13d02d3d0c9b5c635 (patch)
treeba5429e85c29deb20b592350552744d3a8631963
parent4b837a7e1541c151f6ea16fde92b6f57c5827d8a (diff)
HTTP: memory leak on multiple Location:
The HTTP parser allocated memory on each received Location: header without properly freeing old data. Starting now, the code only considers the first Location: header and will blissfully ignore subsequent ones. Bug: http://curl.haxx.se/bug/view.cgi?id=3165129 Reported by: Martin Lemke
-rw-r--r--lib/http.c4
-rw-r--r--tests/data/test58058
-rw-r--r--tests/libtest/lib507.c1
3 files changed, 61 insertions, 2 deletions
diff --git a/lib/http.c b/lib/http.c
index b61426ec5..40ae6b7db 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3723,7 +3723,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
return result;
}
else if((k->httpcode >= 300 && k->httpcode < 400) &&
- checkprefix("Location:", k->p)) {
+ checkprefix("Location:", k->p) &&
+ !data->req.location) {
/* this is the URL that the server advises us to use instead */
char *location = Curl_copy_header_value(k->p);
if (!location)
@@ -3732,7 +3733,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
/* ignore empty data */
free(location);
else {
- DEBUGASSERT(!data->req.location);
data->req.location = location;
if(data->set.http_follow_location) {
diff --git a/tests/data/test580 b/tests/data/test580
new file mode 100644
index 000000000..8256f0e2e
--- /dev/null
+++ b/tests/data/test580
@@ -0,0 +1,58 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+multi
+Duplicate-header
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 eat this!
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Location: this-is-the-first.html
+Content-Length: 0
+Connection: close
+Location: and there's a second one too! / moo.html
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+http
+</features>
+# tool is what to use instead of 'curl'
+<tool>
+lib507
+</tool>
+
+ <name>
+multi interface, multiple Location: headers
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/580
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /580 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/libtest/lib507.c b/tests/libtest/lib507.c
index 9707c9b07..012d8f454 100644
--- a/tests/libtest/lib507.c
+++ b/tests/libtest/lib507.c
@@ -48,6 +48,7 @@ int test(char *URL)
}
test_setopt(curls, CURLOPT_URL, URL);
+ test_setopt(curls, CURLOPT_HEADER, 1L);
if ((ret = curl_multi_add_handle(multi, curls)) != CURLM_OK) {
fprintf(stderr, "curl_multi_add_handle() failed, "