From 8d83b41d6c9fbeefc2df1041f6c25cd309c033ef Mon Sep 17 00:00:00 2001
From: divadiow <62958974+divadiow@users.noreply.github.com>
Date: Fri, 13 Feb 2026 21:48:29 +0000
Subject: [PATCH] HTTP TCP server: fix realloc failure handling to prevent
 request buffer leak (#1990)

* Update http_tcp_server.c

* Update new_tcp_server.c
---
 src/httpserver/http_tcp_server.c | 7 ++++---
 src/httpserver/new_tcp_server.c  | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/httpserver/http_tcp_server.c b/src/httpserver/http_tcp_server.c
index 9d3397c4f..4f62f7627 100644
--- a/src/httpserver/http_tcp_server.c
+++ b/src/httpserver/http_tcp_server.c
@@ -95,11 +95,12 @@ static void tcp_client_thread(beken_thread_arg_t arg)
 		}
 		// grow by 1024
 		request.receivedLenmax += 1024;
-		request.received = (char*)realloc(request.received, request.receivedLenmax+2);
-		if (request.received == NULL) {
+		char *newbuf = (char*)realloc(request.received, request.receivedLenmax + 2);
+		if (newbuf == NULL) {
 			// no memory
-			return;
+			goto exit;
 		}
+		request.received = buf = newbuf;
 	}
 	request.received[request.receivedLen] = 0;
 #endif
diff --git a/src/httpserver/new_tcp_server.c b/src/httpserver/new_tcp_server.c
index 0dc7c4c3a..f52c68d41 100644
--- a/src/httpserver/new_tcp_server.c
+++ b/src/httpserver/new_tcp_server.c
@@ -85,12 +85,13 @@ static void tcp_client_thread(tcp_thread_t* arg)
 		}
 		// grow by INCOMING_BUFFER_SIZE
 		request.receivedLenmax += INCOMING_BUFFER_SIZE;
-		request.received = (char*)realloc(request.received, request.receivedLenmax + 2);
-		if(request.received == NULL)
+		char *newbuf = (char*)realloc(request.received, request.receivedLenmax + 2);
+		if(newbuf == NULL)
 		{
 			// no memory
 			goto exit;
 		}
+		request.received = buf = newbuf;
 	}
 	request.received[request.receivedLen] = 0;