http: fix leak when redacting cookies from curl trace

peff · gitster · commit 3d33e96653fe · 2024-09-25T10:24:55.000-07:00
When redacting headers for GIT_TRACE_CURL, we build up a redacted cookie
header in a local strbuf, and then copy it into the output. But we
forget to release the temporary strbuf, leaking it for every cookie
header we show.

The other redacted headers don't run into this problem, since they're
able to work in-place in the output buffer. But the cookie parsing is
too complicated for that, since we redact the cookies individually.

This leak is triggered by the cookie tests in t5551.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/http.c b/http.c
@@ -800,6 +800,7 @@ static int redact_sensitive_header(struct strbuf *header, size_t offset)
 
 		strbuf_setlen(header, sensitive_header - header->buf);
 		strbuf_addbuf(header, &redacted_header);
+		strbuf_release(&redacted_header);
 		ret = 1;
 	}
 	return ret;

Original file line number	Diff line number	Diff line change
`@@ -800,6 +800,7 @@ static int redact_sensitive_header(struct strbuf *header, size_t offset)`
`800`	`800`
`801`	`801`	`strbuf_setlen(header, sensitive_header - header->buf);`
`802`	`802`	`strbuf_addbuf(header, &redacted_header);`
	`803`	`+ strbuf_release(&redacted_header);`
`803`	`804`	`ret = 1;`
`804`	`805`	`}`
`805`	`806`	`return ret;`