* src/openssl.c, src/gnutls.c (ssl_init): Copy options using xstrdup --- Wget crashes with a double free bug when compiled with -DDEBUG_MALLOC and only one option of --certificate or --private-key is given. To reproduce it, run
./src/wget --certificate=sample.pem https://www.example.org This occurs with both gnutls and openssl. Thanks, Rohit src/gnutls.c | 4 ++-- src/openssl.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/gnutls.c b/src/gnutls.c index 5a89e06..be04342 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -184,13 +184,13 @@ ssl_init (void) /* Use the private key from the cert file unless otherwise specified. */ if (opt.cert_file && !opt.private_key) { - opt.private_key = opt.cert_file; + opt.private_key = xstrdup (opt.cert_file); opt.private_key_type = opt.cert_type; } /* Use the cert from the private key file unless otherwise specified. */ if (!opt.cert_file && opt.private_key) { - opt.cert_file = opt.private_key; + opt.cert_file = xstrdup (opt.private_key); opt.cert_type = opt.private_key_type; } diff --git a/src/openssl.c b/src/openssl.c index b8a9614..b6cdb8d 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -292,7 +292,7 @@ ssl_init (void) /* Use the private key from the cert file unless otherwise specified. */ if (opt.cert_file && !opt.private_key) { - opt.private_key = opt.cert_file; + opt.private_key = xstrdup (opt.cert_file); opt.private_key_type = opt.cert_type; } -- 2.3.0
