Project

General

Profile

Actions

Bug #6271

closed

libhtp: double free in multipart processing

Added by Juliana Fajardini Reichow over 1 year ago. Updated over 1 year ago.

Status:
Rejected
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In function htp_ch_multipart_callback_request_body_data at htp_content_handlers.c,
if an error occurs while adding newly allocated params to tx->request_params, the
func just returns without setting tx->request_mpartp->gave_up_data, thus there's a
risk of double-free in htp_tx_destroy_incomplete.

To keep better track of https://github.com/OISF/libhtp/issues/402

Actions #1

Updated by Juliana Fajardini Reichow over 1 year ago

Set target version as 7.0.1 as I figured 8 would be too far.

Actions #2

Updated by Philippe Antoine over 1 year ago

  • Status changed from New to Rejected

Not affecting Suricata, as htp_ch_multipart_callback_request_body_data is only reachable by public htp_config_register_multipart_parser which is not used by Suricata

Actions

Also available in: Atom PDF