Fossil

Check-in [aeeba751]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a memory double-free'd problem.

In function cgi_set_cookie the zDate was allocated via usage of cgi_rfc822_datestamp. But as it was appended to the blob extraHeader via the format specifier %z the memory was free'd by blob_appendf. As cgi_rfc822_datestamp might return both a dynamic allocated empty string as well as a dynamic allocated string containing the time stamp, blob_appendf should not try to free the zDate. So now the format specifier is changed to %s to let us decide, if we want to free the memory or not.

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:aeeba751c4d8b704d3fe774eb4074e9b578f9955
User & Date: cle 2008-09-11 17:12:11
Context
2008-09-18
11:21
added comments about necessary link flags for Solaris 10 + OpenSolaris check-in: 7dddab2f user: stephan tags: trunk
2008-09-11
17:12
Fix a memory double-free'd problem.

In function cgi_set_cookie the zDate was allocated via usage of cgi_rfc822_datestamp. But as it was appended to the blob extraHeader via the format specifier %z the memory was free'd by blob_appendf. As cgi_rfc822_datestamp might return both a dynamic allocated empty string as well as a dynamic allocated string containing the time stamp, blob_appendf should not try to free the zDate. So now the format specifier is changed to %s to let us decide, if we want to free the memory or not. check-in: aeeba751 user: cle tags: trunk

2008-09-07
08:32
Remove small glitch that prevent fossil to be built with BSD make. check-in: f3fb059e user: cle tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/cgi.c.

200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
  int lifetime          /* Expiration of the cookie in seconds from now */
){
  if( zPath==0 ) zPath = g.zTop;
  if( lifetime>0 ){
    lifetime += (int)time(0);
    char * zDate = cgi_rfc822_datestamp(lifetime);
    blob_appendf(&extraHeader,
       "Set-Cookie: %s=%t; Path=%s; expires=%z; Version=1\r\n",
        zName, zValue, zPath, zDate);
    if( zDate[0] ) free( zDate );
  }else{
    blob_appendf(&extraHeader,
       "Set-Cookie: %s=%t; Path=%s; Version=1\r\n",
       zName, zValue, zPath);
  }







|







200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
  int lifetime          /* Expiration of the cookie in seconds from now */
){
  if( zPath==0 ) zPath = g.zTop;
  if( lifetime>0 ){
    lifetime += (int)time(0);
    char * zDate = cgi_rfc822_datestamp(lifetime);
    blob_appendf(&extraHeader,
       "Set-Cookie: %s=%t; Path=%s; expires=%s; Version=1\r\n",
        zName, zValue, zPath, zDate);
    if( zDate[0] ) free( zDate );
  }else{
    blob_appendf(&extraHeader,
       "Set-Cookie: %s=%t; Path=%s; Version=1\r\n",
       zName, zValue, zPath);
  }