From 376d5bb323c03c0fc4af266c03abac8f067fbd0e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 26 Jul 2020 17:00:48 +0200 Subject: [PATCH] ntlm: free target_info before (re-)malloc OSS-Fuzz found a way this could get called again with the pointer still pointing to a malloc'ed memory, leading to a leak. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379 Closes #5724 --- lib/vauth/ntlm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index 3b46e1a46..ecfeacb9a 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -191,6 +191,7 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data, return CURLE_BAD_CONTENT_ENCODING; } + free(ntlm->target_info); /* replace any previous data */ ntlm->target_info = malloc(target_info_len); if(!ntlm->target_info) return CURLE_OUT_OF_MEMORY;