From: mbuhl <mbuhl@openbsd.org>
Date: Wed, 9 Nov 2022 19:11:14 +0000 (+0000)
Subject: nreq could leak a http get request in case a redirect without
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f44c78d30feec0add3f7fa8d08549e917c0596fa;p=openbsd

nreq could leak a http get request in case a redirect without
location header was received.
OK deraadt
---

diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c
index 4298b53d571..1d59de71700 100644
--- a/usr.sbin/acme-client/netproc.c
+++ b/usr.sbin/acme-client/netproc.c
@@ -1,4 +1,4 @@
-/*	$Id: netproc.c,v 1.31 2021/08/24 10:07:30 benno Exp $ */
+/*	$Id: netproc.c,v 1.32 2022/11/09 19:11:14 mbuhl Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -222,6 +222,7 @@ again:
 		if ((st = http_head_get("Location", g->head, g->headsz)) ==
 		    NULL) {
 			warnx("redirect without location header");
+			http_get_free(g);
 			return -1;
 		}