From 93b4a605263612cf32ad9de746a4fafaf4515115 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Sun, 18 Dec 2011 05:11:56 +0100 Subject: [PATCH] wget: fix use-after-free on redirect function old new delta wget_main 2153 2168 +15 Signed-off-by: Denys Vlasenko --- networking/wget.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/networking/wget.c b/networking/wget.c index 94a2f7c3d..1991a1072 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -557,6 +557,7 @@ static void download_one_url(const char *url) FILE *dfp; /* socket to ftp server (data) */ char *proxy = NULL; char *fname_out_alloc; + char *redirected_path = NULL; struct host_info server; struct host_info target; @@ -793,8 +794,8 @@ However, in real world it was observed that some web servers bb_error_msg_and_die("too many redirections"); fclose(sfp); if (str[0] == '/') { - free(target.allocated); - target.path = target.allocated = xstrdup(str+1); + free(redirected_path); + target.path = redirected_path = xstrdup(str+1); /* lsa stays the same: it's on the same server */ } else { parse_url(str, &target); @@ -849,6 +850,7 @@ However, in real world it was observed that some web servers free(server.allocated); free(target.allocated); free(fname_out_alloc); + free(redirected_path); } int wget_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;