process_encrypted_request_headers(): Free header memory when failing
authorJoshua Rogers <jrogers@opera.com>
Fri, 19 Nov 2021 17:31:59 +0000 (18:31 +0100)
committerFabian Keil <fk@fabiankeil.de>
Tue, 7 Dec 2021 14:06:06 +0000 (15:06 +0100)
... to get the request destination.

OVE-20211201-0002. CVE-2021-44541.

jcc.c

diff --git a/jcc.c b/jcc.c
index 2d6ba77..2beca7b 100644 (file)
--- a/jcc.c
+++ b/jcc.c
@@ -2806,6 +2806,8 @@ static jb_err process_encrypted_request_headers(struct client_state *csp)
          "Failed to get the encrypted request destination");
       ssl_send_data_delayed(&(csp->ssl_client_attr),
          (const unsigned char *)CHEADER, strlen(CHEADER), get_write_delay(csp));
+      destroy_list(headers);
+
       return JB_ERR_PARSE;
    }