From e0ad093b0f7a7d88d4be2b3a09e813bf247c4c5f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Nov 2013 13:07:19 +0100 Subject: [PATCH] BB#116: fix invalid free when connecting to ipv6 literal address When removing the '[' and ']' characers from the ipv6 literal address, make sure the pointer that is later free'd stays a malloced pointer by memmoving the string one place left. Signed-off-by: Michael Adam (cherry picked from commit bb2e894e0dd7cafb730ea56496dbc43997f6c98e) --- src/reqs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/reqs.c b/src/reqs.c index 2de43a8..d762fe8 100644 --- a/src/reqs.c +++ b/src/reqs.c @@ -221,7 +221,10 @@ static int extract_http_url (const char *url, struct request_s *request) /* Remove any surrounding '[' and ']' from IPv6 literals */ p = strrchr (request->host, ']'); if (p && (*(request->host) == '[')) { - request->host++; + memmove(request->host, request->host + 1, + strlen(request->host) - 2); + *p = '\0'; + p--; *p = '\0'; }