github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory leak on html dentity decode transformation

Browse Source
This commit is contained in:
Felipe Zimmerle 2016-06-16 10:32:44 -03:00
parent e6c542c5b5
commit f833a61089
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/actions/transformations/html_entity_decode.cc
View File

@ -105,7 +105,7 @@ int HtmlEntityDecode::inplace(unsigned char *input, u_int64_t input_len) {
memset(x, '\0', (j - k) + 1); memset(x, '\0', (j - k) + 1);
memcpy(x, (const char *)&input[k], j - k); memcpy(x, (const char *)&input[k], j - k);
*d++ = (unsigned char)strtol(x, NULL, 16); *d++ = (unsigned char)strtol(x, NULL, 16);
free(x);
count++; count++;
/* Skip over the semicolon if it's there. */ /* Skip over the semicolon if it's there. */
@ -132,7 +132,7 @@ int HtmlEntityDecode::inplace(unsigned char *input, u_int64_t input_len) {
memset(x, '\0', (j - k) + 1); memset(x, '\0', (j - k) + 1);
memcpy(x, (const char *)&input[k], j - k); memcpy(x, (const char *)&input[k], j - k);
*d++ = (unsigned char)strtol(x, NULL, 10); *d++ = (unsigned char)strtol(x, NULL, 10);
free(x);
count++; count++;
/* Skip over the semicolon if it's there. */ /* Skip over the semicolon if it's there. */
@ -175,8 +175,10 @@ int HtmlEntityDecode::inplace(unsigned char *input, u_int64_t input_len) {
/* We do no want to convert this entity, /* We do no want to convert this entity,
* copy the raw data over. */ * copy the raw data over. */
copy = j - k + 1; copy = j - k + 1;
free(x);
goto HTML_ENT_OUT; goto HTML_ENT_OUT;
} }
free(x);
count++; count++;