From 9ad74ade2c57564a7f92bbbb251b82891c982398 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 17 Feb 2021 11:53:32 +0100 Subject: parse_proxy: fix a memory leak in the OOM path Reported-by: Jay Satiro Bug: https://github.com/curl/curl/pull/6591#issuecomment-780396541 --- lib/url.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/lib/url.c b/lib/url.c index ae6c8e9c1..1fc04af60 100644 --- a/lib/url.c +++ b/lib/url.c @@ -2403,13 +2403,18 @@ static CURLcode parse_proxy(struct Curl_easy *data, proxyinfo->proxytype = proxytype; /* Is there a username and password given in this proxy url? */ - curl_url_get(uhp, CURLUPART_USER, &proxyuser, CURLU_URLDECODE); - curl_url_get(uhp, CURLUPART_PASSWORD, &proxypasswd, CURLU_URLDECODE); + uc = curl_url_get(uhp, CURLUPART_USER, &proxyuser, CURLU_URLDECODE); + if(uc && (uc != CURLUE_NO_USER)) + goto error; + uc = curl_url_get(uhp, CURLUPART_PASSWORD, &proxypasswd, CURLU_URLDECODE); + if(uc && (uc != CURLUE_NO_PASSWORD)) + goto error; + if(proxyuser || proxypasswd) { Curl_safefree(proxyinfo->user); proxyinfo->user = proxyuser; - result = Curl_setstropt(&data->state.aptr.proxyuser, - proxyuser); + result = Curl_setstropt(&data->state.aptr.proxyuser, proxyuser); + proxyuser = NULL; if(result) goto error; Curl_safefree(proxyinfo->passwd); @@ -2421,8 +2426,8 @@ static CURLcode parse_proxy(struct Curl_easy *data, } } proxyinfo->passwd = proxypasswd; - result = Curl_setstropt(&data->state.aptr.proxypasswd, - proxypasswd); + result = Curl_setstropt(&data->state.aptr.proxypasswd, proxypasswd); + proxypasswd = NULL; if(result) goto error; conn->bits.proxy_user_passwd = TRUE; /* enable it */ @@ -2470,6 +2475,8 @@ static CURLcode parse_proxy(struct Curl_easy *data, proxyinfo->host.name = host; error: + free(proxyuser); + free(proxypasswd); free(scheme); curl_url_cleanup(uhp); return result; -- cgit v1.2.1