From f317719d1ce924bccd40b831e5e2d28cb4475b1a Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 16 May 2024 15:29:34 +0200
Subject: [PATCH] cgi-bin/var.c: Fix return value if the text is invalid

If the original value contains double quote, which is forbidden for
text, we free the variable and move the next variable from array to its
place. However, the return value still contains the original value of
freed pointer.

Set it NULL, since we don't have any value to return for the requested
name.
---
 cgi-bin/var.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cgi-bin/var.c b/cgi-bin/var.c
index 5cfdb72d4d..822f8b93c9 100644
--- a/cgi-bin/var.c
+++ b/cgi-bin/var.c
@@ -284,6 +284,8 @@ cgiGetTextfield(const char *name)	/* I - Name of form field */
 
     if (i < form_count)
       memmove(var, var + 1, (size_t)(form_count - i) * sizeof(_cgi_var_t));
+
+    value = NULL;
   }
 
   return (value);
-- 
2.47.2