Fixes #20278: Fixed double free bug in crypto/http/http_client.c

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20351)
Jeeban Sethi 2023-02-21 21:31:43 +05:30 committed by Pauli
parent 0c9646ec37
commit 7fed5193d2


@ -1176,7 +1176,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
char *port;
char *path;
int use_ssl;
OSSL_HTTP_REQ_CTX *rctx;
OSSL_HTTP_REQ_CTX *rctx = NULL;
BIO *resp = NULL;
time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
@ -1202,10 +1202,12 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
NULL /* req */,
expected_ct, expect_asn1, max_resp_len,
-1 /* use same max time (timeout) */,
0 /* no keep_alive */))
0 /* no keep_alive */)) {
OSSL_HTTP_REQ_CTX_free(rctx);
else
rctx = NULL;
} else {
resp = OSSL_HTTP_exchange(rctx, &redirection_url);
}
}
OPENSSL_free(path);
if (resp == NULL && redirection_url != NULL) {
@ -1220,6 +1222,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
OPENSSL_free(host);
OPENSSL_free(port);
(void)OSSL_HTTP_close(rctx, 1);
rctx = NULL;
BIO_free(resp);
OPENSSL_free(current_url);
return NULL;
@ -1229,6 +1232,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
OPENSSL_free(host);
OPENSSL_free(port);
(void)OSSL_HTTP_close(rctx, 1);
rctx = NULL;
continue;
}
/* if redirection not allowed, ignore it */
@ -1238,6 +1242,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
OPENSSL_free(port);
if (!OSSL_HTTP_close(rctx, resp != NULL)) {
BIO_free(resp);
rctx = NULL;
resp = NULL;
}
break;
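Review bot: In the last hunk `rctx = NULL;` sits inside the body of `if (!OSSL_HTTP_close(rctx, resp != NULL))`, so the pointer is cleared only when close reports failure, whereas the two earlier call sites clear it unconditionally after `OSSL_HTTP_close(rctx, 1)`. If close releases the context regardless of its return value, which those unconditional resets suggest, the success path leaves `rctx` stale; only `break;` follows in view, so this looks harmless today, but the double free being fixed came from exactly this kind of leftover pointer. Moving the reset out of the branch, with `rctx = NULL;` placed after the closing `}` of that `if`, would keep the "NULL or live" invariant uniform across all exits. The `OSSL_HTTP_set1_request` failure branch would also benefit from a comment such as `/* rctx is freed here; reset it so the later OSSL_HTTP_close() cannot free it again */`. The body of OSSL_HTTP_get starts and ends outside these hunks.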