Fix memory leak in curl_sasl.c #667
Conversation
If any parameter in a HTTP DIGEST challenge message is present multiple times, memory allocated for all but the last entry should be freed.
I'm ok with this but I think that's a really weird thing to see especially if they have the same algorithm. What server are you seeing that on? It says this for algorithm in RFC 2617:
I would expect a different Digest challenge is somehow separated though and prefixed with 'Digest'. Even if it is it would appear we ignore duplicate digest messages see https://github.com/curl/curl/blob/curl-7_47_1/lib/http.c#L850-L872 |
I was able to verify the problem and checked in test 1437 which shows it. |
The snippet in the first comment is just most simple testcase which I prepared to demonstrate the issue. The original server response (obtained by fuzzing) doesn't make any sense for me too (in fact, it was more erroneous as it had invalid algorithm field). |
If any parameter in a HTTP DIGEST challenge message is present multiple times, memory allocated for all but the last entry should be freed. Bug: #667
Thanks Emil, landed in 3fa220a. And thanks for the test Dan. |
If any parameter in a HTTP DIGEST challenge message is present multiple
times, memory allocated for all but the last entry should be freed.
Server answer to reproduce the leak is:
Two blocks will be "definitely lost" in valgrind: one for the first algorithm and one for the first nonce.