From: GuoHan Zhao <[email protected]> When password-secret is used, curl_open() resolves it with qcrypto_secret_lookup_as_utf8() and stores the returned buffer in s->password.
Unlike s->proxypassword, s->password is not freed either in the open failure path or in curl_close(), so the resolved secret leaks once it has been allocated. Free s->password in both cleanup paths. Signed-off-by: GuoHan Zhao <[email protected]> --- block/curl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/block/curl.c b/block/curl.c index 66aecfb20ec6..419df78258bc 100644 --- a/block/curl.c +++ b/block/curl.c @@ -903,6 +903,7 @@ out_noclean: g_free(s->cookie); g_free(s->url); g_free(s->username); + g_free(s->password); g_free(s->proxyusername); g_free(s->proxypassword); if (s->sockets) { @@ -1014,6 +1015,7 @@ static void curl_close(BlockDriverState *bs) g_free(s->cookie); g_free(s->url); g_free(s->username); + g_free(s->password); g_free(s->proxyusername); g_free(s->proxypassword); } -- 2.43.0
