moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity

gssapi: fix memory leak of output token in multi round context

Browse Source 
When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.

Closes https://github.com/curl/curl/pull/1733
This commit is contained in:
Isaac Boukris 2017-07-22 02:00:46 +03:00 committed by Marcel Raad
parent 61046e7bd5
commit 0b11660234
No known key found for this signature in database
GPG Key ID: 33C416EFAE4D6F02
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/vauth/spnego_gssapi.c
View File

@ -180,6 +180,10 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
}
/* Free previous token */
if(nego->output_token.length && nego->output_token.value)
gss_release_buffer(&unused_status, &nego->output_token);
nego->output_token = output_token;
return CURLE_OK;