lwthiker / curl-impersonate

curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
MIT License

Memleak in "src/tool_getparam.c" #196

Closed gvanem closed 4 months ago

gvanem commented 8 months ago

Building on Win-10 (using MSVC or clang-cl) with -DCURLDEBUG and running curl-impersonate-chrome.exe shows a small mem-leak for the option --cert-compression brotli:

Leak detected: memory still allocated: 7 bytes
At 11e2f21a1428, there's 7 bytes.
 allocated by objects/src/tool_getparam.c:2140

Basically I did:

export CURL_MEMDEBUG=$(realpath $(TEMP))/memdebug.curl
rm -f $(CURL_MEMDEBUG)
<a .bat-file resembling chrome/curl_chrome100>
perl $(CURL_ROOT)/tests/memanalyze.pl -v $(CURL_MEMDEBUG)

AFAICS, this variable (and the others) should be freed in src/tool_cfgable.c:

--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -175,6 +175,11 @@
   Curl_safefree(config->aws_sigv4);
   Curl_safefree(config->proto_str);
   Curl_safefree(config->proto_redir_str);
+
+  /* curl-impersonate */
+  Curl_safefree(config->ssl_sig_hash_algs);
+  Curl_safefree(config->ssl_cert_compression);
+  Curl_safefree(config->http2_pseudo_headers_order);
 }

 void config_free(struct OperationConfig *config)
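
Review bot: The block added before the closing brace frees only three members (ssl_sig_hash_algs, ssl_cert_compression, http2_pseudo_headers_order), so please check it against every string member curl-impersonate adds to struct OperationConfig; any member that is set during option parsing and not listed here will keep leaking in the same way. It would also help to extend the /* curl-impersonate */ comment to say that these are heap-allocated option strings, so whoever adds the next option knows a matching Curl_safefree belongs here.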

But I see no patch for that file. An oversight?
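
The leak reported above, modelled as an added example that is not part of the original issue or of curl's code; the byte counter, struct and function names are hypothetical stand-ins for curl's memdebug tracking and config cleanup. It shows that the reported 7 bytes are consistent with a duplicated "brotli" (six characters plus the terminating NUL) that the cleanup function never releases.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins throughout, not curl's structures or memdebug code. */
static size_t live_bytes; /* bytes allocated and not yet freed */
static char *track_strdup(const char *s) {
  size_t n = strlen(s) + 1; /* the terminating NUL is allocated too */
  char *d = malloc(n);
  if(!d) return NULL;
  live_bytes += n;
  return memcpy(d, s, n);
}

static void track_safefree(char **p) { /* models Curl_safefree: free, then NULL */
  if(*p) live_bytes -= strlen(*p) + 1;
  free(*p); /* free(NULL) is a no-op */
  *p = NULL;
}

struct demo_config {
  char *proto_str;                  /* released before the patch */
  char *ssl_cert_compression;       /* released only with the patch */
  char *http2_pseudo_headers_order; /* released only with the patch */
};

static void free_fields(struct demo_config *c, int patched) {
  track_safefree(&c->proto_str);
  if(patched) {
    track_safefree(&c->ssl_cert_compression);
    track_safefree(&c->http2_pseudo_headers_order);
  }
}

/* Bytes still allocated after cleanup; a NULL argument means option not given. */
static size_t leaked_after_run(const char *comp, const char *order, int patched) {
  struct demo_config c = {0};
  c.proto_str = track_strdup("https");
  c.ssl_cert_compression = comp ? track_strdup(comp) : NULL;
  c.http2_pseudo_headers_order = order ? track_strdup(order) : NULL;
  free_fields(&c, patched);
  size_t leaked = live_bytes;
  free_fields(&c, 1); /* release the rest so the counter returns to zero */
  return leaked;
}

int main(void) {
  printf("unpatched leak: %zu bytes\n", leaked_after_run("brotli", NULL, 0));
  return 0;
}
```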

gvanem commented 8 months ago

Applying the above patch, running with a modified .bat-file:

--signature-hashes ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256,ecdsa_secp384r1_sha384 ^
--cert-compression brotli --http2-pseudo-headers-order "mspa" 

shows no leaks for these options. So I ass-u-me my patch is good.

PS. Very nice to see that the --libcurl option dumps these new options:

 ...
  curl_easy_setopt(hnd, CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER, "mspa");
  curl_easy_setopt(hnd, CURLOPT_SSL_SIG_HASH_ALGS, "ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256,ecdsa_secp384r1_sha384");
  curl_easy_setopt(hnd, CURLOPT_SSL_CERT_COMPRESSION, "brotli");
  curl_easy_setopt(hnd, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1_2);
  curl_easy_setopt(hnd, CURLOPT_SSL_CIPHER_LIST, "TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AE
HACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES25