curl-library

bug in cookie_add

From: T. Bharath <TBharath_at_responsenetworks.com>
Date: Sun, 06 Jan 2002 07:04:06 -0500

There seems to be a problem in Curl_cookie_add, to be more specific in the
block
if(replace_old) {
        co->next = clist->next; /* get the next-pointer first */
...
}
What really happens is, when the old cookie is replaced by a new one the
first time, we do a
        free(co); /* free the newly alloced memory */
        co = clist;
co is no longer pointing to the newly alloced memory.
Now let's say we continue the loop a few more times, but all along co is
not reset and points to the link which was replaced.
After a few iterations we again get into the above block; this time we
copy the contents of co and delete the co, which is pointing to a valid
link (not allocated by us), and this actually causes the c->cookies->next
to end in a dangling pointer, and also we lose track of valid cookies in
the list.

Regards
Bharath
Received on 2002-01-06
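
The aliasing described in the mail above, as an added example that is not part of the original post and is not curl's code: a simplified in-place replace loop that reports the point where the second free(co) would hit a node still linked into the list, next to the variant that stops scanning once co has been consumed. The struct, the function names, the stop_after_replace parameter and the sample list (with the name "sid" appearing twice so the block is reached twice) are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified node; not curl's struct Cookie. Strings are
   literals here, so the per-field free() calls of real code are omitted. */
struct cookie { const char *name; const char *value; struct cookie *next; };

struct cookie *mk(const char *n, const char *v, struct cookie *next) {
  struct cookie *c = malloc(sizeof *c);
  if(!c) abort();
  c->name = n; c->value = v; c->next = next;
  return c;
}

/* Overwrite list entries named like 'co' with co's data, in place.
   stop_after_replace=1: leave the loop once co has been consumed.
   stop_after_replace=0: keep scanning, as in the report; instead of running
   the second free(co), return -1 where co aliases a node still in the list.
   Returns 1 if replaced, 0 if no match (caller still owns co). */
int replace_cookie(struct cookie *list, struct cookie *co, int stop_after_replace) {
  int co_is_list_node = 0;
  struct cookie *clist;
  for(clist = list; clist; clist = clist->next) {
    if(strcmp(clist->name, co->name) != 0) continue;
    if(co_is_list_node) return -1; /* free(co) here would free a linked node */
    co->next = clist->next;        /* get the next-pointer first */
    *clist = *co;                  /* store the new data in the old node */
    free(co);                      /* co was heap memory from the caller */
    co = clist;                    /* from now on co IS a list node */
    co_is_list_node = 1;
    if(stop_after_replace) break;
  }
  return co_is_list_node;
}

/* Constructed input: "sid" appears twice, so the replace block is hit twice. */
int run_case(int stop_after_replace) {
  struct cookie *list = mk("sid", "old1", mk("lang", "en", mk("sid", "old2", NULL)));
  int rc = replace_cookie(list, mk("sid", "new", NULL), stop_after_replace);
  int ok = strcmp(list->value, "new") == 0 && list->next->next->next == NULL;
  while(list) { struct cookie *n = list->next; free(list); list = n; }
  return ok ? rc : -2;
}

int main(void) {
  printf("keep scanning: %d, stop after replace: %d\n", run_case(0), run_case(1));
  return 0;
}
```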