Discussion:
[PATCH] fix double free error after "too many HTTP redirections"
intact devel
2012-06-12 21:24:53 UTC
Permalink
--- http.c.orig 2012-06-12 23:04:58.000000000 +0200
+++ http.c 2012-06-12 23:05:58.000000000 +0200
@@ -445,10 +445,14 @@ void http_get_free(struct http_get *hg)
if (hg->proxy) {
http_free_uri(hg->proxy);
free(hg->proxy);
+ hg->proxy = NULL;
}
- if (hg->headers)
+ if (hg->headers) {
keyvals_free(hg->headers);
+ hg->headers = NULL;
+ }
free(hg->reason);
+ hg->reason = NULL;
}

char *base64_encode(const char *str)
Gregory Petrosyan
2012-06-13 08:28:09 UTC
Permalink
Otherwise, do_http_get() clinets will double-free it.

Reported-by: Peter Bjørn Jørgensen <***@gmail.com>
Signed-off-by: Gregory Petrosyan <***@gmail.com>
---

Thanks a lot for the patch, but I think that it is a wrong approach — more like
fixing a symptom (http_get_free) than a problem (do_http_get).

Can you please test if this patch fixes the crash? I've pushed it to the pu
branch.


input.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/input.c b/input.c
index 737c2aa..1813164 100644
--- a/input.c
+++ b/input.c
@@ -214,15 +214,17 @@ static int do_http_get(struct http_get *hg, const char *uri, int redirections)
val = keyvals_get_val(hg->headers, "location");
if (!val)
return -IP_ERROR_HTTP_RESPONSE;
- redirloc = xstrdup(val);
- http_get_free(hg);
- close(hg->fd);

redirections++;
if (redirections > 2)
return -IP_ERROR_HTTP_REDIRECT_LIMIT;

+ redirloc = xstrdup(val);
+ http_get_free(hg);
+ close(hg->fd);
+
rc = do_http_get(hg, redirloc, redirections);
+
free(redirloc);
return rc;
default:
--
1.7.10.4
Loading...