With rev 1.65 proxy_parse_uri() can assign a pointer to proxyport that is part of fullhost and so points to freed memory (once that function returns). The fix is to copy the port as well.
This should be a fix for https://github.com/rpki-client/rpki-client-portable/issues/74 -- :wq Claudio Index: http.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v retrieving revision 1.69 diff -u -p -r1.69 http.c --- http.c 20 Sep 2022 08:53:27 -0000 1.69 +++ http.c 18 Oct 2022 13:15:58 -0000 @@ -408,7 +408,8 @@ proxy_parse_uri(char *uri) if ((proxy.proxyhost = strdup(host)) == NULL) err(1, NULL); - proxy.proxyport = port; + if ((proxy.proxyport = strdup(port)) == NULL) + err(1, NULL); proxy.proxyauth = cookie; free(fullhost);
