On 08/15/2015 12:11 PM, Darshit Shah wrote:
I just ran coverity scan against the latest git code and it came up
with a bunch of new defects. Maybe we should take a look at them when
possible?
I fixed a memory leak in the HSTS code (function
'parse_strict_transport_security').
Regards,
- AJ
From 5a4a45ffc34619e24b9359247fbc72eaeb0d8d74 Mon Sep 17 00:00:00 2001
From: Ander Juaristi ajuari...@gmx.es
Date: Wed, 26 Aug 2015 12:35:02 +0200
Subject: [PATCH] Fix resource leak.
* src/http.c (parse_strict_transport_security): Freed memory to avoid resource leak.
Comply with GNU coding style.
---
src/http.c | 17 +
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/http.c b/src/http.c
index 834f59d..69d87cd 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1272,12 +1272,12 @@ parse_strict_transport_security (const char *header, time_t *max_age, bool *incl
{
/* Process the STS header. Keys should be matched case-insensitively. */
for (; extract_param (header, name, value, ';', is_url_encoded); is_url_encoded = false)
- {
- if (BOUNDED_EQUAL_NO_CASE(name.b, name.e, max-age))
- c_max_age = strdupdelim (value.b, value.e);
- else if (BOUNDED_EQUAL_NO_CASE(name.b, name.e, includeSubDomains))
- is = true;
- }
+{
+ if (BOUNDED_EQUAL_NO_CASE (name.b, name.e, max-age))
+c_max_age = strdupdelim (value.b, value.e);
+ else if (BOUNDED_EQUAL_NO_CASE (name.b, name.e, includeSubDomains))
+is = true;
+}
/* pass the parsed values over */
if (c_max_age)
@@ -1291,10 +1291,11 @@ parse_strict_transport_security (const char *header, time_t *max_age, bool *incl
if (include_subdomains)
*include_subdomains = is;
- DEBUGP((Parsed Strict-Transport-Security max-age = %s, includeSubDomains = %s\n,
+ DEBUGP ((Parsed Strict-Transport-Security max-age = %s, includeSubDomains = %s\n,
c_max_age, (is ? true : false)));
- success = true;
+ xfree (c_max_age);
+ success = true;
}
else
{
--
1.9.1