Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 0b291bdef1b9b6b539f44aa896eb1211c57a67a5^! / .
commit0b291bdef1b9b6b539f44aa896eb1211c57a67a5[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Thu Jan 24 02:26:43 2013 +0100
committerWilly Tarreau <w@1wt.eu>Thu Jan 24 16:19:19 2013 +0100
tree0dba3b09b6c44a44b808ee3a12004d3468589ad8
parentde2dd6b1250579c46ff085d8dad760d6d5ca9407 [diff]
BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage

A test is obviously wrong in uri_auth(). If strdup(pass) returns an error
while strdup(user) passes, the NULL pointer is still stored into the
structure. If the user returns the NULL instead, the allocated memory is
not released before returning the error.

The issue was present in 1.4 so the fix should be backported.

Reported-by: Dinko Korunic <dkorunic@reflected.net>

diff --git a/src/uri_auth.c b/src/uri_auth.c
index 5a92849..837b712 100644
--- a/src/uri_auth.c
+++ b/src/uri_auth.c

@@ -247,12 +247,19 @@
 		return NULL;
 
 	newuser->user = strdup(user);
-	newuser->pass = strdup(pass);
-	newuser->flags |= AU_O_INSECURE;
+	if (!newuser->user) {
+		free(newuser);
+		return NULL;
+	}
 
-	if (!newuser->user || !newuser->user)
+	newuser->pass = strdup(pass);
+	if (!newuser->pass) {
+		free(newuser->user);
+		free(newuser);
 		return NULL;
+	}
 
+	newuser->flags |= AU_O_INSECURE;
 	newuser->next = u->userlist->users;
 	u->userlist->users = newuser;