From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 16 May 2025 10:04:38 +0000 (+0200)
Subject: OSSL_HTTP_get(): Reset redirection_url in each iteration
X-Git-Tag: openssl-3.0.17~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58a47259742da3044aa8b164efebac03cb5af3ef;p=thirdparty%2Fopenssl.git

OSSL_HTTP_get(): Reset redirection_url in each iteration

Also remove some dead assignments.
Fixes #27629

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27637)
---

diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index c86db4405b8..4652269b9ad 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -1138,13 +1138,12 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                    const char *expected_ct, int expect_asn1,
                    size_t max_resp_len, int timeout)
 {
-    char *current_url, *redirection_url = NULL;
+    char *current_url;
     int n_redirs = 0;
     char *host;
     char *port;
     char *path;
     int use_ssl;
-    OSSL_HTTP_REQ_CTX *rctx = NULL;
     BIO *resp = NULL;
     time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
 
@@ -1156,6 +1155,9 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
         return NULL;
 
     for (;;) {
+        char *redirection_url;
+        OSSL_HTTP_REQ_CTX *rctx;
+
         if (!OSSL_HTTP_parse_url(current_url, &use_ssl, NULL /* user */, &host,
                                  &port, NULL /* port_num */, &path, NULL, NULL))
             break;
@@ -1164,6 +1166,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                               use_ssl, bio, rbio, bio_update_fn, arg,
                               buf_size, timeout);
     new_rpath:
+        redirection_url = NULL;
         if (rctx != NULL) {
             if (!OSSL_HTTP_set1_request(rctx, path, headers,
                                         NULL /* content_type */,
@@ -1173,9 +1176,9 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                                         0 /* no keep_alive */)) {
                 OSSL_HTTP_REQ_CTX_free(rctx);
                 rctx = NULL;
-           } else {
+            } else {
                 resp = OSSL_HTTP_exchange(rctx, &redirection_url);
-           }
+            }
         }
         OPENSSL_free(path);
         if (resp == NULL && redirection_url != NULL) {
@@ -1190,7 +1193,6 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                         OPENSSL_free(host);
                         OPENSSL_free(port);
                         (void)OSSL_HTTP_close(rctx, 1);
-                        rctx = NULL;
                         BIO_free(resp);
                         OPENSSL_free(current_url);
                         return NULL;
@@ -1200,7 +1202,6 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                 OPENSSL_free(host);
                 OPENSSL_free(port);
                 (void)OSSL_HTTP_close(rctx, 1);
-                rctx = NULL;
                 continue;
             }
             /* if redirection not allowed, ignore it */
@@ -1210,7 +1211,6 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
         OPENSSL_free(port);
         if (!OSSL_HTTP_close(rctx, resp != NULL)) {
             BIO_free(resp);
-            rctx = NULL;
             resp = NULL;
         }
         break;