curl-library

PATCH: Curl Sanity patch for spnego authentication

From: Arunav Sanyal <arunav.sanyal91_at_gmail.com>
Date: Sun, 15 Sep 2013 17:52:00 +0530

Hi

Using curl with fbopenssl crashed the program due to incorrect memory free
operations.

Explanation - fbopenssl internally did a malloc and the free operation
attempted gss_release_buffer(). Fbopenssl internal documentation expects a
free operation of type free().

The following patch allows sane curl behavior in case of SPNEGO
authentication.

I edited http_negotiate.c.

Command executed: diff http_negotiate.c http_negotiatenew.c

317c317
< gss_release_buffer(&discard_st, &spnegoToken);

---
>         Curl_safefree(spnegoToken.value);
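
Review bot: the replacement at line 317 is unconditional, while the other three hunks keep gss_release_buffer() under #else. If line 317 is not already inside a HAVE_SPNEGO-only region, non-SPNEGO builds would hand a GSS-API-owned buffer to free(); please confirm the enclosing guard or wrap this call the same way as the others. Also, Curl_safefree(spnegoToken.value) only frees and NULLs the value pointer, whereas gss_release_buffer() also zeroes the length, so add spnegoToken.length = 0 after it unless the surrounding code already does that.
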
335c335,339
<     gss_release_buffer(&discard_st, &neg_ctx->output_token);
---
>     #ifdef HAVE_SPNEGO
>   Curl_safefree(neg_ctx->output_token.value);
> #else
>   gss_release_buffer(&discard_st, &neg_ctx->output_token);
> #endif
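
Review bot: HAVE_SPNEGO picks the deallocator at build time, but which allocator owns neg_ctx->output_token.value at line 335 is decided at run time. The message says the malloc'd buffer comes from fbopenssl; if a HAVE_SPNEGO build can reach this line with a token that still comes straight from the GSS-API library, Curl_safefree() becomes the mismatched call and the crash just moves to the other configuration. Consider recording in neg_ctx who allocated the token and branching on that instead of on the macro, or state in the commit message why that path cannot occur.
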
342c346,350
<     gss_release_buffer(&discard_st, &neg_ctx->output_token);
---
>     #ifdef HAVE_SPNEGO
>   Curl_safefree(neg_ctx->output_token.value);
> #else
>   gss_release_buffer(&discard_st, &neg_ctx->output_token);
> #endif
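
Review bot: this is the same five-line #ifdef block as the hunk at 335, and it appears a third time at 371; a single static helper in http_negotiate.c that releases neg_ctx->output_token would keep the allocator decision in one place. On style, the #ifdef is indented four columns while #else and #endif start at column 0; put all three directives at the same column.
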
371,372c379,386
<   if(neg_ctx->output_token.value)
<     gss_release_buffer(&minor_status, &neg_ctx->output_token);
---
>   if(neg_ctx->output_token.value) {
>     #ifdef HAVE_SPNEGO
> Curl_safefree(neg_ctx->output_token.value);
> #else
> if(neg_ctx->output_token.value)
> gss_release_buffer(&minor_status, &neg_ctx->output_token);
> #endif
>   }
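
Review bot: in the #else branch the inner if(neg_ctx->output_token.value) repeats the test of the enclosing if at line 379 and can be dropped. In the HAVE_SPNEGO branch neg_ctx->output_token.length keeps its old value after Curl_safefree(); set it to 0 so the struct is left the way gss_release_buffer() would leave it. The lines between the braces have also lost their indentation and should be indented to match the rest of the function.
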

P.S. - I have used Windows GNU diff utils. If some other format is needed, do
let me know.

Note: I have attached the diff file and the new implementation file for
your perusal. The patch is with respect to curl-7.32.0.

Yours sincerely
-- 
Arunav Sanyal
Graduate student
B.E (Hons) Computer Science
BITS Pilani K.K Birla Goa Campus




Received on 2013-09-15