gmnlm: host freed too early, causing UAF

The host variable is freed too early. If a client certificate is not found, the later error message in the GEMINI_STATUS_CLASS_CLIENT_CERTIFICATE_REQUIRED case uses the freed host variable to produce an incorrect openssl command. This fix just delays the free to after the switch statement. Test case: gmnlm gemini://feeds.drewdevault.com Prior: The following OpenSSL command will generate a certificate for this host: openssl req -x509 -newkey rsa:4096 \ -keyout /home/andrew/.local/share/gmni/certs/Ú-=öU.key \ -out /home/andrew/.local/share/gmni/certs/Ú-=öU.crt \ -days 36500 -nodes Now: The following OpenSSL command will generate a certificate for this host: openssl req -x509 -newkey rsa:4096 \ -keyout /home/andrew/.local/share/gmni/certs/feeds.drewdevault.com.key \ -out /home/andrew/.local/share/gmni/certs/feeds.drewdevault.com.crt \ -days 36500 -nodes
2024-11-22 20:32:03 +01:00 · 2021-06-10 07:36:37 -04:00 · 2021-06-10 07:36:37 -04:00 · b46b312817
commit b46b312817
parent e0993d4886
1 changed files with 1 additions and 1 deletions
--- a/src/gmnlm.c
+++ b/src/gmnlm.c
@ -415,7 +415,6 @@ do_requests(struct browser *browser, struct gemini_response *resp)
 		} else {
 			browser->opts.client_cert = NULL;
 		}
-		free(host);
 	}

 	while (requesting) {
@ -540,6 +539,7 @@ out:
 		free(client_cert.key);
 	}
 	free(scheme);
+	free(host);
 	return res;
 }