Double Free Vulnerability in `libcurl` Cookie Management (`cookie.c`)
Language: C
Project: curl
Reported by: tannicarcher
## Description:
Two **Double Free** vulnerabilities have been identified in the `cookie.c` file of the `libcurl` library. Both stem from improper memory management: under certain conditions the same memory area is freed more than once. Clear steps to reproduce each vulnerability are given below.
---
### Summary:
The vulnerabilities occur in the following scenarios:
1. **`replace_existing` Function**: A cookie object is freed without ensuring it has not already been removed from the list, leading to double-free.
2. **`Curl_cookie_add` Function**: On errors, memory allocated for a cookie object is freed again, even if it was previously released.
## Steps To Reproduce:
### Case 1: Vulnerability in `replace_existing` Function
1. Create multiple cookies with identical names, domains, and paths.
2. Trigger a scenario where an existing cookie needs to be replaced (e.g., by adding a new cookie with the same attributes).
3. Observe the program crash or unexpected behavior due to double-free in the following code:
```c
if(replace_n) {
  struct Cookie *repl = Curl_node_elem(replace_n);
  Curl_node_remove(replace_n); /* remove from the list */
  freecookie(repl);            /* free memory (double-free if already removed) */
}
```
### Case 2: Vulnerability in `Curl_cookie_add` Function
1. Add a malformed or invalid cookie header line to the cookie input file.
2. Ensure the program encounters an error during cookie parsing.
3. Observe the program crash or unexpected behavior due to double-free in the following code:
```c
fail:
  freecookie(co); /* memory freed again even if already released */
  return NULL;
```
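The two paths the report names, unlink-then-free when a cookie is replaced and free-on-fail while a cookie is being added, as a constructed C illustration with an allocation counter that makes any double free or leak observable in a test. This is an added example, not libcurl's code; `replace_existing`, `cookie_add`, `freecookie` and `live_cookies` are this example's own names and the fixed-size fields are a simplification.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the ownership pattern the report describes
   (unlink-then-free on replace, free-on-fail during add); not libcurl's code. */
struct Cookie {
  char name[32];
  char value[64];
  struct Cookie *next;
};
static int live_cookies; /* goes negative on a double free, stays positive on a leak */
static void freecookie(struct Cookie *co) {
  if(!co) return;
  live_cookies--;
  free(co);
}
/* Unlink and free every cookie with this name: each node leaves the list
   before its single free and is never touched afterwards. */
static int replace_existing(struct Cookie **head, const char *name) {
  int replaced = 0;
  struct Cookie **pp = head;
  while(*pp) {
    struct Cookie *cur = *pp;
    if(strcmp(cur->name, name) != 0) { pp = &cur->next; continue; }
    *pp = cur->next;   /* unlink first ... */
    freecookie(cur);   /* ... then free exactly once */
    replaced++;
  }
  return replaced;
}
/* Parse "name=value". On failure the half-built cookie, never linked into
   the list, is released on the fail path and nowhere else. */
static struct Cookie *cookie_add(struct Cookie **head, const char *line) {
  const char *eq = strchr(line, '=');
  struct Cookie *co = calloc(1, sizeof(*co));
  if(!co) return NULL;
  live_cookies++;
  if(!eq || eq == line || (size_t)(eq - line) >= sizeof(co->name) ||
     strlen(eq + 1) >= sizeof(co->value)) goto fail;
  memcpy(co->name, line, (size_t)(eq - line));
  strcpy(co->value, eq + 1);
  replace_existing(head, co->name);  /* old cookie of this name goes away */
  co->next = *head;                  /* the list now owns the new one */
  *head = co;
  return co;
fail:
  freecookie(co);  /* sole free of co: it was never inserted */
  return NULL;
}
```

Building the same harness with `-fsanitize=address` makes the sanitizer report a double free directly, independent of the counter.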
---
## Impact
### Summary
The **Double Free** vulnerabilities in `libcurl` can have severe security implications:
1. **Program Crash**: A double-free leads to undefined behavior, often resulting in segmentation faults.
2. **Arbitrary Code Execution**: Attackers could exploit this issue to execute arbitrary code in the context of the vulnerable program.
3. **Data Integrity**: Memory corruption caused by this vulnerability can lead to data leakage or integrity issues, compromising the application's reliability.
4. **Denial of Service (DoS)**: Exploiting this vulnerability could result in a denial-of-service condition.
These vulnerabilities can be exploited by attackers to compromise the security and stability of any applications or systems using `libcurl`.
---
State: Closed
Substate: Not-Applicable
Weakness: Double Free