Change #246111
| Category | None |
| Changed by | Daniel Stenberg <daniel@haxx.se> |
| Changed at | Sun 19 Oct 2025 13:13:15 |
| Repository | https://api.github.com/repos/curl/curl |
| Project | curl/curl |
| Branch | master |
| Revision | 8d302ec93647ec7a57fdf8a6a1d2f7ac2af07fac |
Comments
socks: avoid UAF risk in error path The code obtained a pointer resp via Curl_bufq_peek(), but called Curl_bufq_skip() before it would access them in the failf() call. The Curl_bufq_skip() call can trigger prune_head which may free or recycle the chunk that resp points into. Pointed out by ZeroPath Closes #19139
Changed files
- lib/socks.c