Check-in [aeeba751c4]
Overview

SHA1 Hash: aeeba751c4d8b704d3fe774eb4074e9b578f9955
Date: 2008-09-11 17:12:11
User: cle
Comment: Fix a memory double-free problem.

In function cgi_set_cookie the zDate was allocated via usage of cgi_rfc822_datestamp. But as it was appended to the blob extraHeader via the format specifier %z, the memory was freed by blob_appendf. As cgi_rfc822_datestamp might return both a dynamically allocated empty string as well as a dynamically allocated string containing the time stamp, blob_appendf should not try to free the zDate. So now the format specifier is changed to %s to let us decide whether we want to free the memory or not.


Changes

Modified src/cgi.c from [cf67a58e94] to [48957219a2].

@@ -202,11 +202,11 @@
   if( zPath==0 ) zPath = g.zTop;
   if( lifetime>0 ){
     lifetime += (int)time(0);
     char * zDate = cgi_rfc822_datestamp(lifetime);
     blob_appendf(&extraHeader,
-       "Set-Cookie: %s=%t; Path=%s; expires=%z; Version=1\r\n",
+       "Set-Cookie: %s=%t; Path=%s; expires=%s; Version=1\r\n",
         zName, zValue, zPath, zDate);
     if( zDate[0] ) free( zDate );
   }else{
     blob_appendf(&extraHeader,
        "Set-Cookie: %s=%t; Path=%s; Version=1\r\n",