I missed one goto abort instead of free(line).

Found by Fabian Raetz at gmail

diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c
index 5568840..b0ae73d 100644 (file)
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: server_http.c,v 1.61 2015/01/06 13:48:15 reyk Exp $   */
+/*     $OpenBSD: server_http.c,v 1.62 2015/01/06 17:48:04 reyk Exp $   */
 
 /*
  * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -166,9 +166,8 @@ server_read_http(struct bufferevent *bev, void *arg)
                /* Limit the total header length minus \r\n */
                clt->clt_headerlen += linelen;
                if (clt->clt_headerlen > SERVER_MAXHEADERLENGTH) {
-                       free(line);
                        server_abort_http(clt, 413, "request too large");
-                       return;
+                       goto abort;
                }
 
                /*