cURL / Mailing Lists / curl-library / Single Mail


Re: Mem leak in curl_ntlm_msg.c

From: Christian Hägele <>
Date: Mon, 11 Feb 2013 16:51:00 +0100

Am 11.02.2013, 13:58 Uhr, schrieb Gisle Vanem <>:

>> I didn't have the opportunity to test the code, but as
> Really? You should build libcurl with '-DCURLDEBUG', do a
> "set CURL_MEMDEBUG=mem_trace_file", run
> tests\libtest\libntlmconnect.exe and check leaks with
> "perl tests\ mem_trace_file".

Maybe I'm stupid, but I couldn't get the unit-tests to work properly on
windows, yet.
I am using Visual-Studio (not Cygwin) to compile curl and libcurl.

> The trace from CURL_MEMDEBUG evidently show a mem-leak in the NTLM
> sources.
> Please take a look at it.

I think you got me wrong. I don't say that there is no memory leak, but
that your change breaks the existing code.
I just debugged through the code and made printf-debugging. When you try
to print out ntml->identity.Domain in curl_ntlm_msg.c:410 (right after
your inserted free) you will see that this pointer is a dangling pointer!
When domainlen is 0 that's not a problem, because the pointer doesn't get
accessed, but when a domain-name is set there will be a problem.

The libntlmconnect-test does not have a domain-name set. Maybe that's the
reason why the problem I am talking about didn't come up.

I know you are not into windows but as you already committed the patch
could you also have a quick look at it.



List admin:
Received on 2013-02-11