From: Tracey Emery <tracey@traceyemery.net>
Subject: Re: [gotwebd] fix double free in error path
To: Omar Polo <op@omarpolo.com>
Cc: gameoftrees@openbsd.org
Date: Tue, 5 Apr 2022 07:49:12 -0600

On Sun, Apr 03, 2022 at 10:42:25AM +0200, Omar Polo wrote:
> if the querystring fails to being parsed (maybe because one copy-pasted
> the address forgetting the initial ? and firefox escaped every &) we
> free it in gotweb_process_request, but then later on we try to free it
> again.

ok.

> 
> alternatively we could also not free the querystring here since it's
> always cleared up later?
> 
> diff eb24c1d9539030efa5917237931d6f56eada014a /home/op/w/got
> blob - c581c9f7cdb1119a88ab4f6a3168dedcf3ed49bd
> file + gotwebd/gotweb.c
> --- gotwebd/gotweb.c
> +++ gotwebd/gotweb.c
> @@ -143,6 +143,7 @@ gotweb_process_request(struct request *c)
>  	error = gotweb_parse_querystring(&qs, c->querystring);
>  	if (error) {
>  		gotweb_free_querystring(qs);
> +		c->t->qs = NULL;
>  		log_warnx("%s: %s", __func__, error->msg);
>  		goto err;
>  	}
> @@ -2784,4 +2785,4 @@ gotweb_get_time_str(char **repo_age, time_t committer_
>  		break;
>  	}
>  	return NULL;
> -}
> \ No newline at end of file
> +}
> 

-- 

Tracey Emery