Commit ed783006 authored by Daniel Gustafsson's avatar Daniel Gustafsson
Browse files

darwinssl: Fix realloc memleak 



The reallocation was using the input pointer for the return value, which
leads to a memory leak on reallication failure. Fix by instead use the
safe internal API call Curl_saferealloc().

Closes #3005
Reviewed-by: default avatarDaniel Stenberg <daniel@haxx.se>
Reviewed-by: default avatarNick Zitzmann <nickzman@gmail.com>
parent 23524bf8

lib/vtls/darwinssl.c

+2 −1
Original line number Diff line number Diff line
@@ -120,6 +120,7 @@ 
#include "vtls.h"

#include "darwinssl.h"

#include "curl_printf.h"

#include "strdup.h"



#include "curl_memory.h"

/* The last #include file should be: */
@@ -2056,7 +2057,7 @@ static int read_cert(const char *file, unsigned char **out, size_t *outlen) 


    if(len + n >= cap) {

      cap *= 2;

      data = realloc(data, cap);

      data = Curl_saferealloc(data, cap);

      if(!data) {

        close(fd);

        return -1;