parse_proxy: fix a memory leak in the OOM path

Reported-by: Jay Satiro
Reviewed-by: Jay Satiro
Reviewed-by: Emil Engler
Closes #6614
Bug: https://github.com/curl/curl/pull/6591#issuecomment-780396541

diff --git a/lib/url.c b/lib/url.c
index a1818466c4464d02de785130f83300795b867ade..4470581a479d98d7902709a2fcf36e43670e45ac 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -2402,13 +2402,18 @@ static CURLcode parse_proxy(struct Curl_easy *data,
   proxyinfo->proxytype = proxytype;
 
   /* Is there a username and password given in this proxy url? */
-  curl_url_get(uhp, CURLUPART_USER, &proxyuser, CURLU_URLDECODE);
-  curl_url_get(uhp, CURLUPART_PASSWORD, &proxypasswd, CURLU_URLDECODE);
+  uc = curl_url_get(uhp, CURLUPART_USER, &proxyuser, CURLU_URLDECODE);
+  if(uc && (uc != CURLUE_NO_USER))
+    goto error;
+  uc = curl_url_get(uhp, CURLUPART_PASSWORD, &proxypasswd, CURLU_URLDECODE);
+  if(uc && (uc != CURLUE_NO_PASSWORD))
+    goto error;
+
   if(proxyuser || proxypasswd) {
     Curl_safefree(proxyinfo->user);
     proxyinfo->user = proxyuser;
-    result = Curl_setstropt(&data->state.aptr.proxyuser,
-                            proxyuser);
+    result = Curl_setstropt(&data->state.aptr.proxyuser, proxyuser);
+    proxyuser = NULL;
     if(result)
       goto error;
     Curl_safefree(proxyinfo->passwd);
@@ -2420,8 +2425,8 @@ static CURLcode parse_proxy(struct Curl_easy *data,
       }
     }
     proxyinfo->passwd = proxypasswd;
-    result = Curl_setstropt(&data->state.aptr.proxypasswd,
-                            proxypasswd);
+    result = Curl_setstropt(&data->state.aptr.proxypasswd, proxypasswd);
+    proxypasswd = NULL;
     if(result)
       goto error;
     conn->bits.proxy_user_passwd = TRUE; /* enable it */
@@ -2469,6 +2474,8 @@ static CURLcode parse_proxy(struct Curl_easy *data,
   proxyinfo->host.name = host;
 
   error:
+  free(proxyuser);
+  free(proxypasswd);
   free(scheme);
   curl_url_cleanup(uhp);
   return result;