From 0b291bdef1b9b6b539f44aa896eb1211c57a67a5 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 24 Jan 2013 02:26:43 +0100 Subject: [PATCH] BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage A test is obviously wrong in uri_auth(). If strdup(pass) returns an error while strdup(user) passes, the NULL pointer is still stored into the structure. If the user returns the NULL instead, the allocated memory is not released before returning the error. The issue was present in 1.4 so the fix should be backported. Reported-by: Dinko Korunic --- src/uri_auth.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/uri_auth.c b/src/uri_auth.c index 5a9284931..837b71256 100644 --- a/src/uri_auth.c +++ b/src/uri_auth.c @@ -247,12 +247,19 @@ struct uri_auth *stats_add_auth(struct uri_auth **root, char *user) return NULL; newuser->user = strdup(user); - newuser->pass = strdup(pass); - newuser->flags |= AU_O_INSECURE; + if (!newuser->user) { + free(newuser); + return NULL; + } - if (!newuser->user || !newuser->user) + newuser->pass = strdup(pass); + if (!newuser->pass) { + free(newuser->user); + free(newuser); return NULL; + } + newuser->flags |= AU_O_INSECURE; newuser->next = u->userlist->users; u->userlist->users = newuser; -- 2.47.3