diff options
author | JinWang An <jinwang.an@samsung.com> | 2021-02-19 08:58:23 +0900 |
---|---|---|
committer | JinWang An <jinwang.an@samsung.com> | 2021-02-19 08:58:23 +0900 |
commit | 36504903e48df444c6f3db5776527ca1b1f2514d (patch) | |
tree | cecc508af40196038ab95b9c6a08297b720de191 | |
parent | 2bbfb5bd8e6be73480018b4ac92befb4736c5bba (diff) | |
download | cmake-36504903e48df444c6f3db5776527ca1b1f2514d.tar.gz cmake-36504903e48df444c6f3db5776527ca1b1f2514d.tar.bz2 cmake-36504903e48df444c6f3db5776527ca1b1f2514d.zip |
[CVE-2019-5481] Fix Double-free vulnerability
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
Change-Id: I99c27c62c1b7d15c2579102d2aac6d5a9a0a3d43
Signed-off-by: JinWang An <jinwang.an@samsung.com>
-rw-r--r-- | Utilities/cmcurl/lib/security.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/Utilities/cmcurl/lib/security.c b/Utilities/cmcurl/lib/security.c index 76951548d..831cf71c7 100644 --- a/Utilities/cmcurl/lib/security.c +++ b/Utilities/cmcurl/lib/security.c @@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn, struct krb5buffer *buf) { int len; - void *tmp = NULL; CURLcode result; result = socket_read(fd, &len, sizeof(len)); @@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn, if(len) { /* only realloc if there was a length */ len = ntohl(len); - tmp = Curl_saferealloc(buf->data, len); + buf->data = Curl_saferealloc(buf->data, len); } - if(tmp == NULL) + if(!len || !buf->data) return CURLE_OUT_OF_MEMORY; - buf->data = tmp; result = socket_read(fd, buf->data, len); if(result) return result; |