From 8e4b418ee4d85545d20f3af08ae25311a9920ea9 Mon Sep 17 00:00:00 2001 From: Mike Jerris Date: Tue, 6 Oct 2020 11:26:42 -0400 Subject: [PATCH] [core] fix leak in http request parser --- src/switch_utils.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/switch_utils.c b/src/switch_utils.c index e4e26a6eef..5d6b8f2aaf 100644 --- a/src/switch_utils.c +++ b/src/switch_utils.c @@ -4176,11 +4176,12 @@ SWITCH_DECLARE(void) switch_http_parse_qs(switch_http_request_t *request, char * char *q; char *next; char *name, *val; + char *dup = NULL; if (qs) { q = qs; } else { /*parse our own qs, dup to avoid modify the original string */ - q = strdup(request->qs); + dup = q = strdup(request->qs); } switch_assert(q); @@ -4207,9 +4208,7 @@ SWITCH_DECLARE(void) switch_http_parse_qs(switch_http_request_t *request, char * q = next; } while (q); - if (!qs) { - switch_safe_free(q); - } + switch_safe_free(dup); } /* clean the uri to protect us from vulnerability attack */