From: GuoHan Zhao <[email protected]>
When password-secret is used, curl_open() resolves it with
qcrypto_secret_lookup_as_utf8() and stores the returned buffer in
s->password.
Unlike s->proxypassword, s->password is not freed either in the open
failure path or in curl_close(), so the resolved secret leaks once it
has been allocated.
Free s->password in both cleanup paths.
Fixes: 1bff96064290 ('curl: add support for HTTP authentication parameters')
Signed-off-by: GuoHan Zhao <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Kevin Wolf <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit 51fc8443c122fedf4d4891bbc3a1ff25dd8bacdf)
Signed-off-by: Michael Tokarev <[email protected]>
diff --git a/block/curl.c b/block/curl.c
index dabd2a905e..aabb602d9b 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -876,6 +876,7 @@ out_noclean:
g_free(s->cookie);
g_free(s->url);
g_free(s->username);
+ g_free(s->password);
g_free(s->proxyusername);
g_free(s->proxypassword);
if (s->sockets) {
@@ -987,6 +988,7 @@ static void curl_close(BlockDriverState *bs)
g_free(s->cookie);
g_free(s->url);
g_free(s->username);
+ g_free(s->password);
g_free(s->proxyusername);
g_free(s->proxypassword);
}
--
2.47.3
