finish_http_response(): Plug memory leak with CORS enabled
authorFabian Keil <fk@fabiankeil.de>
Sat, 29 Feb 2020 08:49:39 +0000 (09:49 +0100)
committerFabian Keil <fk@fabiankeil.de>
Sun, 1 Mar 2020 10:06:32 +0000 (11:06 +0100)
Introduced in 9fd58c0d, not in any release.

Fixes CID 267166 "Resource leaks".

cgi.c

diff --git a/cgi.c b/cgi.c
index d23d9e6..ec86b64 100644 (file)
--- a/cgi.c
+++ b/cgi.c
@@ -1594,7 +1594,7 @@ struct http_response *finish_http_response(struct client_state *csp, struct http
    if (NULL != csp->config->cors_allowed_origin)
    {
       enlist_unique_header(rsp->headers, "Access-Control-Allow-Origin",
-         strdup_or_die(csp->config->cors_allowed_origin));
+         csp->config->cors_allowed_origin);
       enlist_unique_header(rsp->headers, "Access-Control-Allow-Methods", "GET,POST");
       enlist_unique_header(rsp->headers, "Access-Control-Allow-Headers", "X-Requested-With");
       enlist_unique_header(rsp->headers, "Access-Control-Max-Age", "86400");