Bug #6271: libhtp: double free in multipart processing - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6271

closed

libhtp: double free in multipart processing

Added by Juliana Fajardini Reichow about 1 year ago. Updated about 1 year ago.

Status:

Rejected

Priority:

Normal

Assignee:

OISF Dev

Target version:

7.0.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

In function htp_ch_multipart_callback_request_body_data at htp_content_handlers.c,
if an error occurs while adding newly allocated params to tx->request_params, the
func just returns without setting tx->request_mpartp->gave_up_data, thus there's a
risk of double-free in htp_tx_destroy_incomplete.

To keep better track of https://github.com/OISF/libhtp/issues/402

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #6271

libhtp: double free in multipart processing

Updated by Juliana Fajardini Reichow about 1 year ago

Updated by Philippe Antoine about 1 year ago