Blame SOURCES/0001-curl-7.76.1-resource-leaks.patch

d889a8
From 2281afef6757ed66c9e8a9a737aa91cb9e2950ef Mon Sep 17 00:00:00 2001
d889a8
From: Kamil Dudka <kdudka@redhat.com>
d889a8
Date: Fri, 30 Apr 2021 18:14:45 +0200
d889a8
Subject: [PATCH 1/2] http2: fix resource leaks in set_transfer_url()
d889a8
d889a8
... detected by Coverity:
d889a8
d889a8
Error: RESOURCE_LEAK (CWE-772):
d889a8
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
d889a8
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
d889a8
lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
d889a8
lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
d889a8
d889a8
Error: RESOURCE_LEAK (CWE-772):
d889a8
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
d889a8
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
d889a8
lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
d889a8
lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
d889a8
d889a8
Error: RESOURCE_LEAK (CWE-772):
d889a8
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
d889a8
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
d889a8
lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
d889a8
lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
d889a8
d889a8
Error: RESOURCE_LEAK (CWE-772):
d889a8
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
d889a8
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
d889a8
lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.]
d889a8
lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
d889a8
d889a8
Closes #6986
d889a8
d889a8
Upstream-commit: 31931704707324af4b4edb24cc877829f7e9949e
d889a8
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
d889a8
---
d889a8
 lib/http2.c | 24 +++++++++++++++++-------
d889a8
 1 file changed, 17 insertions(+), 7 deletions(-)
d889a8
d889a8
diff --git a/lib/http2.c b/lib/http2.c
d889a8
index ce9a0d3..d5ba89b 100644
d889a8
--- a/lib/http2.c
d889a8
+++ b/lib/http2.c
d889a8
@@ -500,32 +500,42 @@ static int set_transfer_url(struct Curl_easy *data,
d889a8
   CURLU *u = curl_url();
d889a8
   CURLUcode uc;
d889a8
   char *url;
d889a8
+  int rc = 0;
d889a8
 
d889a8
   v = curl_pushheader_byname(hp, ":scheme");
d889a8
   if(v) {
d889a8
     uc = curl_url_set(u, CURLUPART_SCHEME, v, 0);
d889a8
-    if(uc)
d889a8
-      return 1;
d889a8
+    if(uc) {
d889a8
+      rc = 1;
d889a8
+      goto fail;
d889a8
+    }
d889a8
   }
d889a8
 
d889a8
   v = curl_pushheader_byname(hp, ":authority");
d889a8
   if(v) {
d889a8
     uc = curl_url_set(u, CURLUPART_HOST, v, 0);
d889a8
-    if(uc)
d889a8
-      return 2;
d889a8
+    if(uc) {
d889a8
+      rc = 2;
d889a8
+      goto fail;
d889a8
+    }
d889a8
   }
d889a8
 
d889a8
   v = curl_pushheader_byname(hp, ":path");
d889a8
   if(v) {
d889a8
     uc = curl_url_set(u, CURLUPART_PATH, v, 0);
d889a8
-    if(uc)
d889a8
-      return 3;
d889a8
+    if(uc) {
d889a8
+      rc = 3;
d889a8
+      goto fail;
d889a8
+    }
d889a8
   }
d889a8
 
d889a8
   uc = curl_url_get(u, CURLUPART_URL, &url, 0);
d889a8
   if(uc)
d889a8
-    return 4;
d889a8
+    rc = 4;
d889a8
+  fail:
d889a8
   curl_url_cleanup(u);
d889a8
+  if(rc)
d889a8
+    return rc;
d889a8
 
d889a8
   if(data->state.url_alloc)
d889a8
     free(data->state.url);
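Review bot: The `fail:` label is also reached by fall-through when curl_url_get() succeeds, so its name misdescribes the success path, and on the three `goto fail` paths `url` is still uninitialized when control passes the label. This is safe only because `if(rc) return rc;` sits between the cleanup and whatever consumes `url` further down, which is outside the hunk. A comment at the label, e.g. `/* reached on success too: u is released on every path, url is valid only when rc == 0 */`, would stop a later edit from reading `url` before that check. Declaring `char *url = NULL;` would make the invariant hold by construction, which matters because the three pseudo-headers parsed here are supplied by the peer. The body of set_transfer_url() starts before and continues past this hunk.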
d889a8
-- 
d889a8
2.30.2
d889a8
d889a8
d889a8
From 92ad72983f8462be1d5a5228672657ddf4d7ed72 Mon Sep 17 00:00:00 2001
d889a8
From: Kamil Dudka <kdudka@redhat.com>
d889a8
Date: Fri, 30 Apr 2021 18:18:02 +0200
d889a8
Subject: [PATCH 2/2] http2: fix a resource leak in push_promise()
d889a8
d889a8
... detected by Coverity:
d889a8
d889a8
Error: RESOURCE_LEAK (CWE-772):
d889a8
lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle".
d889a8
lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)".
d889a8
lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url".
d889a8
lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to.
d889a8
d889a8
Closes #6986
d889a8
d889a8
Upstream-commit: 3a6058cb976981ec1db870f9657c73c9a1162822
d889a8
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
d889a8
---
d889a8
 lib/http2.c | 1 +
d889a8
 1 file changed, 1 insertion(+)
d889a8
d889a8
diff --git a/lib/http2.c b/lib/http2.c
d889a8
index d5ba89b..d0f69ea 100644
d889a8
--- a/lib/http2.c
d889a8
+++ b/lib/http2.c
d889a8
@@ -581,6 +581,7 @@ static int push_promise(struct Curl_easy *data,
d889a8
 
d889a8
     rv = set_transfer_url(newhandle, &heads);
d889a8
     if(rv) {
d889a8
+      (void)Curl_close(&newhandle);
d889a8
       rv = CURL_PUSH_DENY;
d889a8
       goto fail;
d889a8
     }
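Review bot: The code returned by set_transfer_url() is overwritten with CURL_PUSH_DENY right after the added Curl_close() call, so a push denied here leaves no diagnostic. Per the first patch, that code (1–4) identifies which part of the URL could not be set or assembled from the peer's pseudo-headers. Consider logging it before the overwrite, e.g. `infof(data, "PUSH_PROMISE denied: set_transfer_url() returned %d\n", rv);`. A one-line comment on the new call would also help, such as `/* newhandle has not been handed to anyone yet, so it must be closed here */`, which is what the Coverity trace implies. The `fail:` label and the rest of push_promise() are outside the hunk, so whether that path touches `newhandle` again after the close cannot be confirmed from here.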
d889a8
-- 
d889a8
2.30.2
d889a8