From 68cfae08b22954fe952cfe590daa4b81a7f7124b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ketelaars?= Date: Fri, 29 Sep 2017 14:06:25 +0200 Subject: [PATCH] use-after-free bug in http.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD has some nifty features for the memory allocator. One of these features is 'use after free detection'. With this feature enabled lpass segfaults. This segfault is explained by the order of curl_easy_cleanup and curl_easy_getinfo in http.c: First a libcurl easy handle is ended, and then it is used to gather some information. Description of curl_easy_cleanup states that "This function must be the last function to call for an easy session." Signed-off-by: Björn Ketelaars --- http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http.c b/http.c index 9332469f..71e9118c 100644 --- a/http.c +++ b/http.c @@ -310,8 +310,8 @@ char *http_post_lastpass_v_noexit(const char *server, const char *page, const st ret = curl_easy_perform(curl); unset_interrupt_detect(); - curl_easy_cleanup(curl); curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, http_code); + curl_easy_cleanup(curl); *curl_ret = ret; if (ret != CURLE_OK) {
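Review bot: The return value of curl_easy_getinfo() on the unchanged line in the http.c hunk is still discarded, and the call runs before the `if (ret != CURLE_OK)` check that follows, so the value stored through http_code is never validated when the transfer failed. The reordering itself matches the libcurl rule quoted in the commit message, with curl_easy_cleanup(curl) now the last call on the handle. Consider checking the getinfo result, or reading the response code only when ret is CURLE_OK, and setting curl to NULL right after curl_easy_cleanup(curl) so any later use of the handle in this function fails immediately instead of touching freed memory on allocators that do not detect it.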