Possible Memory Leak

[stasos24]

File: oauth_http.c
Memory allocation: line 512
Memory leak: line 520

char *oauth_exec_post (const char *u, const char *p) {
	char cmd[BUFSIZ];
	char *t1,*t2;
	char *cmdtpl = getenv(_OAUTH_ENV_HTTPCMD); **Memory allocation**
	if (!cmdtpl) cmdtpl = xstrdup (_OAUTH_DEF_HTTPCMD);
	else cmdtpl = xstrdup (cmdtpl); // clone getenv() string.

	// add URL and post param - error if no '%p' or '%u' present in definition
	t1=strstr(cmdtpl, "%p");
	t2=strstr(cmdtpl, "%u");
	if (!t1 || !t2) {
		fprintf(stderr, "\nliboauth: invalid HTTP command. set the '%s' environment variable.\n\n",_OAUTH_ENV_HTTPCMD);
		return(NULL); **Memory leak**
	}
	// TODO: check if there are exactly two '%' in cmdtpl
	*(++t1)= 's'; *(++t2)= 's';
	if (t1>t2) {
		t1=oauth_escape_shell(u);
		t2=oauth_escape_shell(p);
	} else {
		t1=oauth_escape_shell(p);
		t2=oauth_escape_shell(u);
	}
	snprintf(cmd, BUFSIZ, cmdtpl, t1, t2);
	xfree(cmdtpl);
	xfree(t1); xfree(t2);
	return oauth_exec_shell(cmd);
}

[x42]

Thanks for the heads up.

OAuth1 has been superseded by OAuth2 since over a decade now, so I am surprised that this library is still used, and in particular its optional curl/http integration.