tlv: do not leak on allocation failure in curl_slist_append

curl / curl-fuzzer

Quality assurance testing for the curl project

MIT License

82 stars 29 forks source link

tlv: do not leak on allocation failure in curl_slist_append #74

Closed catenacyber closed 1 year ago

catenacyber commented 1 year ago

curl_slist_append can return NULL, especially when there is an allocation failure inside it... In this case, ignore the addition of the new value (another option would be to go to EXIT_LABEL with some rc value for an error code)

This was found by POC nallocfuzz...

cmeister2 commented 1 year ago

Thanks! I'll review this in the morning.