From 0509c58045b26463844188e07c5e87c74ea21044 Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Fri, 19 Nov 2021 18:31:59 +0100 Subject: [PATCH] process_encrypted_request_headers(): Free header memory when failing ... to get the request destination. OVE-20211201-0002. CVE-2021-44541. --- jcc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jcc.c b/jcc.c index 2d6ba77d..2beca7b6 100644 --- a/jcc.c +++ b/jcc.c @@ -2806,6 +2806,8 @@ static jb_err process_encrypted_request_headers(struct client_state *csp) "Failed to get the encrypted request destination"); ssl_send_data_delayed(&(csp->ssl_client_attr), (const unsigned char *)CHEADER, strlen(CHEADER), get_write_delay(csp)); + destroy_list(headers); + return JB_ERR_PARSE; } -- 2.39.2