curl-library
[PATCH] ntlm_wb_response: fix theoretical memory leak
From: David Woodhouse <dwmw2_at_infradead.org>
Date: Thu, 16 Jul 2015 11:59:43 +0100
Received on 2015-07-16
Date: Thu, 16 Jul 2015 11:59:43 +0100
Static analysis indicated that my commit 9008f3d564 ("ntlm_wb: Fix
hard-coded limit on NTLM auth packet size") introduced a potential
memory leak on an error path, because we forget to free the buffer
before returning an error.
Fix this.
Although actually, it never happens in practice because we never *get*
here with state == NTLMSTATE_TYPE1. The state is always zero. That
might want cleaning up in a separate patch.
Reported-by: Terri Oda
---
lib/curl_ntlm_wb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
index d63fb27..b2a5fb3 100644
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -306,7 +306,7 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
if(state == NTLMSTATE_TYPE1 &&
len_out == 3 &&
buf[0] == 'P' && buf[1] == 'W')
- return CURLE_REMOTE_ACCESS_DENIED;
+ goto done;
/* invalid response */
if(len_out < 4)
goto done;
--
2.4.3
--
David Woodhouse Open Source Technology Centre
David.Woodhouse_at_intel.com Intel Corporation
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/x-pkcs7-signature attachment: smime.p7s