From 68e756caae87974e5433b9670708d23acfd68155 Mon Sep 17 00:00:00 2001
From: Joerg Jung <jung@cvs.openbsd.org>
Date: Sun, 22 May 2016 19:20:04 +0000
Subject: makes sure the value of the asprintf buffer is zeroed on error

from Hiltjo Posthuma

"do." deraadt
---
 usr.sbin/httpd/server_http.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'usr.sbin/httpd/server_http.c')

diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c
index 37e83be3b44..2a2ae2b578e 100644
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: server_http.c,v 1.106 2016/03/08 09:33:15 florian Exp $	*/
+/*	$OpenBSD: server_http.c,v 1.107 2016/05/22 19:20:03 jung Exp $	*/
 
 /*
  * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -826,8 +826,10 @@ server_abort_http(struct client *clt, unsigned int code, const char *msg)
 	    "<hr>\n<address>%s</address>\n"
 	    "</body>\n"
 	    "</html>\n",
-	    code, httperr, style, code, httperr, HTTPD_SERVERNAME)) == -1)
+	    code, httperr, style, code, httperr, HTTPD_SERVERNAME)) == -1) {
+		body = NULL;
 		goto done;
+	}
 
 	if (srv_conf->flags & SRVFLAG_SERVER_HSTS) {
 		if (asprintf(&hstsheader, "Strict-Transport-Security: "
@@ -835,8 +837,10 @@ server_abort_http(struct client *clt, unsigned int code, const char *msg)
 		    srv_conf->hsts_flags & HSTSFLAG_SUBDOMAINS ?
 		    "; includeSubDomains" : "",
 		    srv_conf->hsts_flags & HSTSFLAG_PRELOAD ?
-		    "; preload" : "") == -1)
+		    "; preload" : "") == -1) {
+			hstsheader = NULL;
 			goto done;
+		}
 	}
 
 	/* Add basic HTTP headers */
-- 
cgit v1.2.3