Site icon API Security Blog

curl: Memory leak in CURLOPT_XOAUTH2_BEARER

## Summary:
Once a bearer token is set with `CURLOPT_XOAUTH2_BEARER`, each HTTP request done with the same handler leaks the token itself.

## Steps To Reproduce:

Given the following code:

“`c
#include

int main(void) {
curl_global_init(CURL_GLOBAL_ALL);

CURL* curl = curl_easy_init();

curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BEARER);
curl_easy_setopt(curl, CURLOPT_XOAUTH2_BEARER, “c4e448d652a961fda0ab64f882c8c161d5985f805d45d80c9ddca108f8e2fde3”);
curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
curl_easy_setopt(curl, CURLOPT_URL, “https://andrea.pappacoda.it”);

for (int i = 0; i

Exit mobile version