Commit dbcaa006 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

HTTP: memory leak on multiple Location: 

The HTTP parser allocated memory on each received Location: header
without properly freeing old data. Starting now, the code only considers
the first Location: header and will blissfully ignore subsequent ones.

Bug: http://curl.haxx.se/bug/view.cgi?id=3165129
Reported by: Martin Lemke
parent 4b837a7e

lib/http.c

+2 −2
Original line number Diff line number Diff line
@@ -3723,7 +3723,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data, 
        return result;

    }

    else if((k->httpcode >= 300 && k->httpcode < 400) &&

            checkprefix("Location:", k->p)) {

            checkprefix("Location:", k->p) &&

            !data->req.location) {

      /* this is the URL that the server advises us to use instead */

      char *location = Curl_copy_header_value(k->p);

      if (!location)
@@ -3732,7 +3733,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data, 
        /* ignore empty data */

        free(location);

      else {

        DEBUGASSERT(!data->req.location);

        data->req.location = location;



        if(data->set.http_follow_location) {

tests/data/test580

0 → 100644
+58 −0
Original line number Diff line number Diff line 
<testcase>

<info>

<keywords>

HTTP

HTTP GET

multi

Duplicate-header

</keywords>

</info>



# Server-side

<reply>

<data>

HTTP/1.1 302 eat this!

Date: Thu, 09 Nov 2010 14:49:00 GMT

Server: test-server/fake

Location: this-is-the-first.html

Content-Length: 0

Connection: close

Location: and there's a second one too! / moo.html



</data>

</reply>



# Client-side

<client>

<server>

http

</server>

<features>

http

</features>

# tool is what to use instead of 'curl'

<tool>

lib507

</tool>



 <name>

multi interface, multiple Location: headers

 </name>

 <command>

http://%HOSTIP:%HTTPPORT/580

</command>

</client>



# Verify data after the test has been "shot"

<verify>

<strip>

^User-Agent:.*

</strip>

<protocol>

GET /580 HTTP/1.1

Host: %HOSTIP:%HTTPPORT

Accept: */*



</protocol>

</verify>

</testcase>

tests/libtest/lib507.c

+1 −0
Original line number Diff line number Diff line
@@ -48,6 +48,7 @@ int test(char *URL) 
  }



  test_setopt(curls, CURLOPT_URL, URL);

  test_setopt(curls, CURLOPT_HEADER, 1L);



  if ((ret = curl_multi_add_handle(multi, curls)) != CURLM_OK) {

    fprintf(stderr, "curl_multi_add_handle() failed, "