From 55e1875729f9d9fc7315cec611bffbd2c817ad89 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 6 Oct 2022 14:13:36 +0200 Subject: [PATCH] http_proxy: restore the protocol pointer on error Reported-by: Trail of Bits Closes #9790 CVE: CVE-2022-42915 Upstream-Status: Backport [https://github.com/curl/curl/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89] Signed-off-by: Bhabu Bindu --- lib/http_proxy.c | 6 ++---- lib/url.c | 9 --------- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/lib/http_proxy.c b/lib/http_proxy.c index 1f87f6c62aa40..cc20b3a801941 100644 --- a/lib/http_proxy.c +++ b/lib/http_proxy.c @@ -212,10 +212,8 @@ void Curl_connect_done(struct Curl_easy *data) Curl_dyn_free(&s->rcvbuf); Curl_dyn_free(&s->req); - /* restore the protocol pointer, if not already done */ - if(s->prot_save) - data->req.p.http = s->prot_save; - s->prot_save = NULL; + /* restore the protocol pointer */ + data->req.p.http = s->prot_save; data->info.httpcode = 0; /* clear it as it might've been used for the proxy */ data->req.ignorebody = FALSE; diff --git a/lib/url.c b/lib/url.c index 690c53c81a3c1..be5ffca2d8b20 100644 --- a/lib/url.c +++ b/lib/url.c @@ -751,15 +751,6 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn) DEBUGASSERT(data); infof(data, "Closing connection %ld", conn->connection_id); -#ifndef USE_HYPER - if(conn->connect_state && conn->connect_state->prot_save) { - /* If this was closed with a CONNECT in progress, cleanup this temporary - struct arrangement */ - data->req.p.http = NULL; - Curl_safefree(conn->connect_state->prot_save); - } -#endif - /* possible left-overs from the async name resolvers */ Curl_resolver_cancel(data);