On 08/15/2015 12:11 PM, Darshit Shah wrote:
> I just ran coverity scan against the latest git code and it came up
> with a bunch of new defects. Maybe we should take a look at them when
> possible?

I fixed a memory leak in the HSTS code (function 
'parse_strict_transport_security').

Regards,
- AJ
>From 5a4a45ffc34619e24b9359247fbc72eaeb0d8d74 Mon Sep 17 00:00:00 2001
From: Ander Juaristi <[email protected]>
Date: Wed, 26 Aug 2015 12:35:02 +0200
Subject: [PATCH] Fix resource leak.

 * src/http.c (parse_strict_transport_security): Freed memory to avoid resource leak.
   Comply with GNU coding style.
---
 src/http.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/http.c b/src/http.c
index 834f59d..69d87cd 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1272,12 +1272,12 @@ parse_strict_transport_security (const char *header, time_t *max_age, bool *incl
     {
       /* Process the STS header. Keys should be matched case-insensitively. */
       for (; extract_param (&header, &name, &value, ';', &is_url_encoded); is_url_encoded = false)
-      {
-	if (BOUNDED_EQUAL_NO_CASE(name.b, name.e, "max-age"))
-	  c_max_age = strdupdelim (value.b, value.e);
-	else if (BOUNDED_EQUAL_NO_CASE(name.b, name.e, "includeSubDomains"))
-	  is = true;
-      }
+        {
+          if (BOUNDED_EQUAL_NO_CASE (name.b, name.e, "max-age"))
+            c_max_age = strdupdelim (value.b, value.e);
+          else if (BOUNDED_EQUAL_NO_CASE (name.b, name.e, "includeSubDomains"))
+            is = true;
+        }
 
       /* pass the parsed values over */
       if (c_max_age)
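Review bot: inside the `for` loop, `c_max_age = strdupdelim (value.b, value.e);` overwrites the pointer every time a `max-age` parameter matches, so a header that repeats `max-age` still leaks every copy but the last; the `xfree` added further down releases only the final one. Free the previous value before assigning, or skip the assignment once `c_max_age` is set. Separately, the changes in this hunk are whitespace-only; putting the GNU-style reindent in its own commit would leave the leak fix as a one-line change that is easier to review and backport.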
@@ -1291,10 +1291,11 @@ parse_strict_transport_security (const char *header, time_t *max_age, bool *incl
 	  if (include_subdomains)
 	    *include_subdomains = is;
 
-	  DEBUGP(("Parsed Strict-Transport-Security max-age = %s, includeSubDomains = %s\n",
+	  DEBUGP (("Parsed Strict-Transport-Security max-age = %s, includeSubDomains = %s\n",
 		     c_max_age, (is ? "true" : "false")));
 
-	  success = true;
+          xfree (c_max_age);
+          success = true;
 	}
       else
 	{
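Review bot: the added `xfree (c_max_age);` and the re-indented `success = true;` use spaces, while the context lines around them in the same block (`*include_subdomains = is;`, the closing `}`) still use tabs, so the block ends up with mixed indentation; match the surrounding lines here or convert the whole block in a separate whitespace commit. Placing the free after the `DEBUGP` call that prints `c_max_age` is correct, but the lines between the `if (c_max_age)` test and this point fall outside the hunk, so confirm that none of them leaves the function before the free is reached.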
-- 
1.9.1
