From 385fc7319d6d11da099be4071c13255361d2bbec Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Fri, 13 Oct 2023 08:48:16 +0000 Subject: automatic import of curl --- ...ls-avoid-memory-leak-if-sha256-call-fails.patch | 41 ++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 backport-vtls-avoid-memory-leak-if-sha256-call-fails.patch (limited to 'backport-vtls-avoid-memory-leak-if-sha256-call-fails.patch') diff --git a/backport-vtls-avoid-memory-leak-if-sha256-call-fails.patch b/backport-vtls-avoid-memory-leak-if-sha256-call-fails.patch new file mode 100644 index 0000000..bf475bc --- /dev/null +++ b/backport-vtls-avoid-memory-leak-if-sha256-call-fails.patch @@ -0,0 +1,41 @@ +From a4a5e438ae533c9af5e97457ae424c9189545105 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 12 Jun 2023 14:10:37 +0200 +Subject: [PATCH] vtls: avoid memory leak if sha256 call fails + +... in the pinned public key handling function. + +Reported-by: lizhuang0630 on github +Fixes #11306 +Closes #11307 + +Conflict: NA +Reference: https://github.com/curl/curl/commit/a4a5e438ae533c9af5e97457ae424c9189545105 +--- + lib/vtls/vtls.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c +index a4ff7d61a6193..cdd3a4fdc1c14 100644 +--- a/lib/vtls/vtls.c ++++ b/lib/vtls/vtls.c +@@ -907,14 +907,12 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, + if(!sha256sumdigest) + return CURLE_OUT_OF_MEMORY; + encode = Curl_ssl->sha256sum(pubkey, pubkeylen, +- sha256sumdigest, CURL_SHA256_DIGEST_LENGTH); ++ sha256sumdigest, CURL_SHA256_DIGEST_LENGTH); + +- if(encode != CURLE_OK) +- return encode; +- +- encode = Curl_base64_encode((char *)sha256sumdigest, +- CURL_SHA256_DIGEST_LENGTH, &encoded, +- &encodedlen); ++ if(!encode) ++ encode = Curl_base64_encode((char *)sha256sumdigest, ++ CURL_SHA256_DIGEST_LENGTH, &encoded, ++ &encodedlen); + Curl_safefree(sha256sumdigest); + + if(encode) -- cgit v1.2.3