Double-free of `trailers_buf' on `Curl_http_compile_trailers()` failure

Disclosed: 2021-01-12 13:12:04 By thomas_v To curl

Medium

Vulnerability Details

## Summary: When `Curl_http_compile_trailers()` fails, `trailers_buf` is freed twice, because we don't pass to this function the pointer value by reference. ## Steps To Reproduce: Did not actually reproduce, please double check patch attached and analysis. ## Impact Some memory corruption due to the double-free.

Actions

View on HackerOne

Report Stats

Report ID: 687734
State: Closed
Substate: informative

Double-free of `trailers_buf' on `Curl_http_compile_trailers()` failure

Vulnerability Details

Actions

Report Stats

Share this report