libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)
Log | Files | Refs | Submodules | README | LICENSE
commit 45aa83f172b53e1700826cd223b3d95776b053b4
parent 0e4d6c2f934f44886816d701eef4a7edae81dc47
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 21 Jan 2024 11:44:15 +0100

fix memory leak on error path

Diffstat:

Msrc/microhttpd/connection.c | 40+++++++++++++++++++++++++++-------------


1 file changed, 27 insertions(+), 13 deletions(-)

diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
@@ -104,7 +104,7 @@
   "<body><p>The total size of the request headers, which includes the " \
   "request target and the request field lines, exceeds the memory " \
   "constraints of this web server.</p>" \
-  "<p>The request could be re-tried with shorter field lines, a shorter "\
+  "<p>The request could be re-tried with shorter field lines, a shorter " \
   "request target or a shorter request method token.</p></body>" \
   "</html>"
 #else
@@ -120,7 +120,7 @@
   "<head><title>Request too big</title></head>" \
   "<body><p>The total size of the request headers, which includes the " \
   "request target and the request field lines, exceeds the memory " \
-  "constraints of this web server.</p> "\
+  "constraints of this web server.</p> " \
   "<p>The request could be re-tried with smaller " \
   "<b>&quot;Cookie:&quot;</b> field value, shorter other field lines, " \
   "a shorter request target or a shorter request method token.</p></body> " \
@@ -447,7 +447,7 @@
 #define REQUEST_LACKS_HOST \
   "<html>" \
   "<head><title>&quot;Host:&quot; header required</title></head>" \
-  "<body>HTTP/1.1 request without <b>&quot;Host:&quot;</b>.</body>"\
+  "<body>HTTP/1.1 request without <b>&quot;Host:&quot;</b>.</body>" \
   "</html>"
 
 #else
@@ -556,7 +556,7 @@
 #define ERROR_MSG_DATA_NOT_HANDLED_BY_APP \
   "<html><head><title>Internal server error</title></head>" \
   "<body>Please ask the developer of this Web server to carefully " \
-  "read the GNU libmicrohttpd documentation about connection "\
+  "read the GNU libmicrohttpd documentation about connection " \
   "management and blocking.</body></html>"
 #else
 #define ERROR_MSG_DATA_NOT_HANDLED_BY_APP ""
@@ -2785,7 +2785,8 @@ transmit_error_response_len (struct MHD_Connection *connection,
   { /* Should not happen */
     if (MHD_CONNECTION_CLOSED > connection->state)
       connection->state = MHD_CONNECTION_CLOSED;
-
+    free (header_name);
+    free (header_value);
     return;
   }
   connection->stop_with_error = true;
@@ -2808,6 +2809,8 @@ transmit_error_response_len (struct MHD_Connection *connection,
 #endif
     CONNECTION_CLOSE_ERROR (connection,
                             _ ("Too late for error response."));
+    free (header_name);
+    free (header_value);
     return;
   }
   /* TODO: remove when special error queue function is implemented */
@@ -2840,6 +2843,8 @@ transmit_error_response_len (struct MHD_Connection *connection,
 #endif
     /* can't even send a reply, at least close the connection */
     connection->state = MHD_CONNECTION_CLOSED;
+    free (header_name);
+    free (header_value);
     return;
   }
   mhd_assert ((0 == header_name_len) || (NULL != header_name));
@@ -2850,7 +2855,8 @@ transmit_error_response_len (struct MHD_Connection *connection,
   mhd_assert ((NULL != header_value) || (NULL == header_name));
   if (NULL != header_name)
   {
-    iret = MHD_add_response_entry_no_alloc_ (response, MHD_HEADER_KIND,
+    iret = MHD_add_response_entry_no_alloc_ (response,
+                                             MHD_HEADER_KIND,
                                              header_name, header_name_len,
                                              header_value, header_value_len);
     if (MHD_NO == iret)
@@ -5447,15 +5453,16 @@ send_redirect_fixed_rq_target (struct MHD_Connection *c)
   size_t o;
   char *hdr_name;
   size_t hdr_name_len;
+
   mhd_assert (MHD_CONNECTION_REQ_LINE_RECEIVING == c->state);
   mhd_assert (0 != c->rq.hdrs.rq_line.num_ws_in_uri);
   mhd_assert (c->rq.hdrs.rq_line.num_ws_in_uri <= \
               c->rq.req_target_len);
   fixed_uri_len = c->rq.req_target_len
                   + 2 * c->rq.hdrs.rq_line.num_ws_in_uri;
-  if ((fixed_uri_len + 200 > c->daemon->pool_size) ||
-      (fixed_uri_len > MHD_MAX_FIXED_URI_LEN) ||
-      (NULL == (b = malloc (fixed_uri_len + 1))))
+  if ( (fixed_uri_len + 200 > c->daemon->pool_size) ||
+       (fixed_uri_len > MHD_MAX_FIXED_URI_LEN) ||
+       (NULL == (b = malloc (fixed_uri_len + 1))) )
   {
     connection_close_error (c,
                             _ ("The request has whitespace character is " \
@@ -5469,6 +5476,7 @@ send_redirect_fixed_rq_target (struct MHD_Connection *c)
   do
   {
     const char chr = c->rq.hdrs.rq_line.rq_tgt[i++];
+
     mhd_assert ('\r' != chr); /* Replaced during request line parsing */
     mhd_assert ('\n' != chr); /* Rejected during request line parsing */
     mhd_assert (0 != chr); /* Rejected during request line parsing */
@@ -5506,11 +5514,17 @@ send_redirect_fixed_rq_target (struct MHD_Connection *c)
   hdr_name = malloc (hdr_name_len + 1);
   if (NULL != hdr_name)
   {
-    memcpy (hdr_name, MHD_HTTP_HEADER_LOCATION, hdr_name_len + 1);
-    transmit_error_response_header (c, MHD_HTTP_MOVED_PERMANENTLY,
+    memcpy (hdr_name,
+            MHD_HTTP_HEADER_LOCATION,
+            hdr_name_len + 1);
+    /* hdr_name and b are free()d within this call */
+    transmit_error_response_header (c,
+                                    MHD_HTTP_MOVED_PERMANENTLY,
                                     RQ_TARGET_INVALID_CHAR,
-                                    hdr_name, hdr_name_len,
-                                    b, o);
+                                    hdr_name,
+                                    hdr_name_len,
+                                    b,
+                                    o);
     return;
   }
   free (b);