In http_connect() if the connect was actually successful break out of the

for loop. Also in http_finish_connect() if the connect was successful
cleanup the addrinfo struct. It is no longer needed.
Found with deraadt@

diff --git a/usr.sbin/rpki-client/http.c b/usr.sbin/rpki-client/http.c
index 5ac8d61..137f05f 100644 (file)
--- a/usr.sbin/rpki-client/http.c
+++ b/usr.sbin/rpki-client/http.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: http.c,v 1.14 2021/04/02 16:41:36 deraadt Exp $  */
+/*      $OpenBSD: http.c,v 1.15 2021/04/02 17:10:12 claudio Exp $  */
 /*
  * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
  * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@@ -518,11 +518,7 @@ http_connect(struct http_connection *conn)
                        }
                }
 
-               /* TODO proxy connect */
-#if 0
-               if (proxyenv)
-                       proxy_connect(conn->fd, sslhost, proxy_credentials); */
-#endif
+               break;
        }
        freeaddrinfo(conn->res0);
        conn->res0 = NULL;
@@ -530,6 +526,12 @@ http_connect(struct http_connection *conn)
                warn("%s: %s", http_info(conn->url), cause);
                return -1;
        }
+
+#if 0
+       /* TODO proxy connect */
+       if (proxyenv)
+               proxy_connect(conn->fd, sslhost, proxy_credentials); */
+#endif
        return 0;
 }
 
@@ -551,6 +553,15 @@ http_finish_connect(struct http_connection *conn)
                return -1;
        }
 
+       freeaddrinfo(conn->res0);
+       conn->res0 = NULL;
+
+#if 0
+       /* TODO proxy connect */
+       if (proxyenv)
+               proxy_connect(conn->fd, sslhost, proxy_credentials); */
+#endif
+
        return 0;
 }