[gnurl] 137/222: cookie: avoid harmless use after free
From: gnunet
Subject: [gnurl] 137/222: cookie: avoid harmless use after free
Date: Thu, 07 Nov 2019 00:10:33 +0100

This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 13ecc0725f723ce7068c114610f6d1418945705a
Author: Paul Dreik <address@hidden>
AuthorDate: Thu Oct 3 10:57:09 2019 +0200

cookie: avoid harmless use after free

This fix removes a use after free which can be triggered by
the internal cookie fuzzer, but otherwise is probably
impossible to trigger from an ordinary application.

The following program reproduces it:

    curl_global_init(CURL_GLOBAL_DEFAULT);
    CURL* handle=curl_easy_init();
    CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false);
    curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null");
    Curl_flush_cookies(handle, true);
    Curl_cookie_cleanup(info);
    curl_easy_cleanup(handle);
    curl_global_cleanup();

This was found through fuzzing.

Closes #4454
---
lib/cookie.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/cookie.c b/lib/cookie.c
index f6b52df2f..c6c4a7bdd 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -1646,6 +1646,7 @@ void Curl_flush_cookies(struct Curl_easy *data, int
cleanup)
if(cleanup && (!data->share || (data->cookies != data->share->cookies))) {
Curl_cookie_cleanup(data->cookies);
+ data->cookies = NULL;
}
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
}
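
Review bot: the added `data->cookies = NULL;` after `Curl_cookie_cleanup(data->cookies);` carries no comment, and the diffstat (1 file changed, 1 insertion) shows no test accompanying it, so nothing stops the line from being dropped in a later cleanup. Consider a short comment saying the pointer is cleared because the jar it referenced was just freed, and turning the reproducer from the commit message into a unit test. The placement itself looks right: the reset sits inside the same `if` as the cleanup call, so a jar that belongs to `data->share` is left untouched, and it runs before `Curl_share_unlock`.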