From: Daniel Stenberg Date: Thu, 23 Apr 2026 19:49:50 +0000 (+0200) Subject: rustls: fix memory leak on repeated SSLKEYLOGFILE fails X-Git-Tag: curl-8_20_0~42 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=961a13e366eaafc0d1828bc933abc78805f4b8ea;p=thirdparty%2Fcurl.git rustls: fix memory leak on repeated SSLKEYLOGFILE fails Before this fix, Curl_tls_keylog_open() assigned the environment variable result to a global keylog_file_name without freeing any prior allocation. If the file cannot be opened (e.g., permission error) keylog_file_fp stays NULL, so subsequent calls to Curl_tls_keylog_open will overwrite keylog_file_name and leak the previous allocation. Spotted by Codex Security Closes #21427
---
diff --git a/lib/vtls/keylog.c b/lib/vtls/keylog.c
index 9ffda33276..4ae2387a7a 100644
--- a/lib/vtls/keylog.c
+++ b/lib/vtls/keylog.c
@@ -38,7 +38,7 @@ static char *keylog_file_name;
 void Curl_tls_keylog_open(void)
 {
 if(!keylog_file_fp) {
- keylog_file_name = curl_getenv("SSLKEYLOGFILE");
+ keylog_file_name = getenv("SSLKEYLOGFILE");
 if(keylog_file_name) {
 keylog_file_fp = curlx_fopen(keylog_file_name, FOPEN_APPENDTEXT);
 if(keylog_file_fp) {
@@ -62,7 +62,6 @@ void Curl_tls_keylog_close(void)
 curlx_fclose(keylog_file_fp);
 keylog_file_fp = NULL;
 }
- curlx_safefree(keylog_file_name);
 }
 bool Curl_tls_keylog_enabled(void)
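Review bot: In the first hunk, `keylog_file_name = getenv("SSLKEYLOGFILE");` stores a pointer that curl does not own in a file-scope static, and a later setenv()/putenv()/unsetenv() by the application may invalidate it while the static still holds it. Whether anything reads `keylog_file_name` after Curl_tls_keylog_open() returns is not visible here; if nothing does, a local `const char *` would remove the lifetime question, and if something does, the name should be copied and the previous copy freed before reassignment. With `curlx_safefree(keylog_file_name);` removed in the second hunk, Curl_tls_keylog_close() presumably no longer clears the pointer either, so I would add `keylog_file_name = NULL;` there. A comment at the assignment such as `/* borrowed from the environment, must not be freed */` would keep a later change from reintroducing a free on it. Both function bodies continue outside the hunks.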