Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
curl-mini
curl-CVE-2019-5481.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2019-5481.patch of Package curl-mini
From df710e843f07001ee629ab5b7169c9cb5bef21f8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Tue, 3 Sep 2019 22:59:32 +0200 Subject: [PATCH] security:read_data fix bad realloc() ... that could end up a double-free --- lib/security.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/security.c b/lib/security.c index 550ea2da8..c5e4e135d 100644 --- a/lib/security.c +++ b/lib/security.c @@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn, struct krb5buffer *buf) { int len; - void *tmp = NULL; CURLcode result; result = socket_read(fd, &len, sizeof(len)); @@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn, if(len) { /* only realloc if there was a length */ len = ntohl(len); - tmp = Curl_saferealloc(buf->data, len); + buf->data = Curl_saferealloc(buf->data, len); } - if(tmp == NULL) + if(!len || !buf->data) return CURLE_OUT_OF_MEMORY; - buf->data = tmp; result = socket_read(fd, buf->data, len); if(result) return result; -- 2.23.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor