Actions
Bug #6271
closedlibhtp: double free in multipart processing
Affected Versions:
Effort:
Difficulty:
Label:
Description
In function htp_ch_multipart_callback_request_body_data at htp_content_handlers.c,
if an error occurs while adding newly allocated params to tx->request_params, the
func just returns without setting tx->request_mpartp->gave_up_data, thus there's a
risk of double-free in htp_tx_destroy_incomplete.
To keep better track of https://github.com/OISF/libhtp/issues/402
Updated by Juliana Fajardini Reichow over 1 year ago
Set target version as 7.0.1 as I figured 8 would be too far.
Updated by Philippe Antoine about 1 year ago
- Status changed from New to Rejected
Not affecting Suricata, as htp_ch_multipart_callback_request_body_data
is only reachable by public htp_config_register_multipart_parser
which is not used by Suricata
Actions