~lastrosade/jsthttpd

4585f388ccf5e7d4ff892719be53598263b1574d — Anthony G. Basile 9 years ago 02bbda2
www/cgi-bin/ssi.c: fix a potential memory leak

When failing to allocate memory to authname, check_filename() returns
without first freeing memory already allocated to dirname.  In the
unlikely situation that malloc succeeds in allocating to dirname but
then subsequently fails to allocate to authname, the former memory is
leaked.

X-sthttpd-Bug: 1
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=1
Reported-by: Roger Sibert <roger_sibert@us.xyratex.com>
Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>
1 files changed, 3 insertions(+), 0 deletions(-)

M www/cgi-bin/ssi.c
M www/cgi-bin/ssi.c => www/cgi-bin/ssi.c +3 -0
@@ 265,7 265,10 @@ check_filename( char* filename )
	*cp = '\0';
    authname = malloc( strlen( dirname ) + 1 + sizeof(AUTH_FILE) );
    if ( authname == (char*) 0 )
	{
	free( dirname );
	return 0;	/* out of memory */
	}
    (void) sprintf( authname, "%s/%s", dirname, AUTH_FILE );
    r = stat( authname, &sb );
    free( dirname );