Fossil SCM
Fix a memory double-free'd problem. In function <tt>cgi_set_cookie</tt> the <tt>zDate</tt> was allocated via usage of <tt>cgi_rfc822_datestamp</tt>. But as it was appended to the blob <tt>extraHeader</tt> via the format specifier <tt>%z</tt> the memory was free'd by <tt>blob_appendf</tt>. As <tt>cgi_rfc822_datestamp</tt> might return both a dynamic allocated empty string as well as a dynamic allocated string containing the time stamp, <tt>blob_appendf</tt> should not try to free the <tt>zDate</tt>. So now the format specifier is changed to <tt>%s</tt> to let us decide, if we want to free the memory or not.
Commit
aeeba751c4d8b704d3fe774eb4074e9b578f9955
Parent
f3fb059eb66288b…
1 file changed
+1
-1
+1
-1
| --- src/cgi.c | ||
| +++ src/cgi.c | ||
| @@ -202,11 +202,11 @@ | ||
| 202 | 202 | if( zPath==0 ) zPath = g.zTop; |
| 203 | 203 | if( lifetime>0 ){ |
| 204 | 204 | lifetime += (int)time(0); |
| 205 | 205 | char * zDate = cgi_rfc822_datestamp(lifetime); |
| 206 | 206 | blob_appendf(&extraHeader, |
| 207 | - "Set-Cookie: %s=%t; Path=%s; expires=%z; Version=1\r\n", | |
| 207 | + "Set-Cookie: %s=%t; Path=%s; expires=%s; Version=1\r\n", | |
| 208 | 208 | zName, zValue, zPath, zDate); |
| 209 | 209 | if( zDate[0] ) free( zDate ); |
| 210 | 210 | }else{ |
| 211 | 211 | blob_appendf(&extraHeader, |
| 212 | 212 | "Set-Cookie: %s=%t; Path=%s; Version=1\r\n", |
| 213 | 213 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -202,11 +202,11 @@ | |
| 202 | if( zPath==0 ) zPath = g.zTop; |
| 203 | if( lifetime>0 ){ |
| 204 | lifetime += (int)time(0); |
| 205 | char * zDate = cgi_rfc822_datestamp(lifetime); |
| 206 | blob_appendf(&extraHeader, |
| 207 | "Set-Cookie: %s=%t; Path=%s; expires=%z; Version=1\r\n", |
| 208 | zName, zValue, zPath, zDate); |
| 209 | if( zDate[0] ) free( zDate ); |
| 210 | }else{ |
| 211 | blob_appendf(&extraHeader, |
| 212 | "Set-Cookie: %s=%t; Path=%s; Version=1\r\n", |
| 213 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -202,11 +202,11 @@ | |
| 202 | if( zPath==0 ) zPath = g.zTop; |
| 203 | if( lifetime>0 ){ |
| 204 | lifetime += (int)time(0); |
| 205 | char * zDate = cgi_rfc822_datestamp(lifetime); |
| 206 | blob_appendf(&extraHeader, |
| 207 | "Set-Cookie: %s=%t; Path=%s; expires=%s; Version=1\r\n", |
| 208 | zName, zValue, zPath, zDate); |
| 209 | if( zDate[0] ) free( zDate ); |
| 210 | }else{ |
| 211 | blob_appendf(&extraHeader, |
| 212 | "Set-Cookie: %s=%t; Path=%s; Version=1\r\n", |
| 213 |