curl-library
[PATCH] vauth: Fixed memory leak due to function returning without free
From: Saurav Babu <saurav.babu_at_samsung.com>
Date: Wed, 20 Jul 2016 14:38:02 +0530
Date: Wed, 20 Jul 2016 14:38:02 +0530
This patch allocates memory to "output_token" only when it is required
so that memory is not leaked if function returns.
--- lib/vauth/digest_sspi.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c index c5bb35a..fc37db0 100644 --- a/lib/vauth/digest_sspi.c +++ b/lib/vauth/digest_sspi.c @@ -387,12 +387,6 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, /* Release the package buffer as it is not required anymore */ s_pSecFn->FreeContextBuffer(SecurityPackage); - /* Allocate the output buffer according to the max token size as indicated - by the security package */ - output_token = malloc(token_max); - if(!output_token) - return CURLE_OUT_OF_MEMORY; - if(userp && *userp) { /* Populate our identity structure */ if(Curl_create_sspi_identity(userp, passwdp, &identity)) @@ -418,11 +412,18 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, &credentials, &expiry); if(status != SEC_E_OK) { Curl_sspi_free_identity(p_identity); - free(output_token); return CURLE_LOGIN_DENIED; } + /* Allocate the output buffer according to the max token size as indicated + by the security package */ + output_token = malloc(token_max); + if(!output_token) { + Curl_sspi_free_identity(p_identity); + return CURLE_OUT_OF_MEMORY; + } + /* Setup the challenge "input" security buffer if present */ chlg_desc.ulVersion = SECBUFFER_VERSION; chlg_desc.cBuffers = 3; -- 1.9.1 ------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2016-07-20