From 961a13e366eaafc0d1828bc933abc78805f4b8ea Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 23 Apr 2026 21:49:50 +0200 Subject: [PATCH] rustls: fix memory leak on repeated SSLKEYLOGFILE fails Before this fix, Curl_tls_keylog_open() assigned the environment variable result to a global keylog_file_name without freeing any prior allocation. If the file cannot be opened (e.g., permission error) keylog_file_fp stays NULL, so subsequent calls to Curl_tls_keylog_open will overwrite keylog_file_name and leak the previous allocation. Spotted by Codex Security Closes #21427 --- lib/vtls/keylog.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/vtls/keylog.c b/lib/vtls/keylog.c index 9ffda33276..4ae2387a7a 100644 --- a/lib/vtls/keylog.c +++ b/lib/vtls/keylog.c @@ -38,7 +38,7 @@ static char *keylog_file_name; void Curl_tls_keylog_open(void) { if(!keylog_file_fp) { - keylog_file_name = curl_getenv("SSLKEYLOGFILE"); + keylog_file_name = getenv("SSLKEYLOGFILE"); if(keylog_file_name) { keylog_file_fp = curlx_fopen(keylog_file_name, FOPEN_APPENDTEXT); if(keylog_file_fp) { @@ -62,7 +62,6 @@ void Curl_tls_keylog_close(void) curlx_fclose(keylog_file_fp); keylog_file_fp = NULL; } - curlx_safefree(keylog_file_name); } bool Curl_tls_keylog_enabled(void)