Hi,
On 20/3/26 07:30, [email protected] wrote:
From: GuoHan Zhao <[email protected]>
When password-secret is used, curl_open() resolves it with
qcrypto_secret_lookup_as_utf8() and stores the returned buffer in
s->password.
Unlike s->proxypassword, s->password is not freed either in the open
failure path or in curl_close(), so the resolved secret leaks once it
has been allocated.
Free s->password in both cleanup paths.
Signed-off-by: GuoHan Zhao <[email protected]>
---
block/curl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/block/curl.c b/block/curl.c
index 66aecfb20ec6..419df78258bc 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -903,6 +903,7 @@ out_noclean:
g_free(s->cookie);
g_free(s->url);
g_free(s->username);
+ g_free(s->password);
g_free(s->proxyusername);
g_free(s->proxypassword);
if (s->sockets) {
Should we directly call curl_close() here instead? Otherwise
factor a common curl_cleanup() out and reuse?
@@ -1014,6 +1015,7 @@ static void curl_close(BlockDriverState *bs)
g_free(s->cookie);
g_free(s->url);
g_free(s->username);
+ g_free(s->password);
g_free(s->proxyusername);
g_free(s->proxypassword);
}
