moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-01-11 05:58:01 -05:00
Code Issues Releases Wiki Activity

ntlm: free target_info before (re-)malloc

Browse Source 
OSS-Fuzz found a way this could get called again with the pointer still
pointing to a malloc'ed memory, leading to a leak.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379

Closes #5724
This commit is contained in:
Daniel Stenberg 2020-07-26 17:00:48 +02:00
parent 730dc48253
commit 376d5bb323
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/vauth/ntlm.c
View File

@ -191,6 +191,7 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
return CURLE_BAD_CONTENT_ENCODING; return CURLE_BAD_CONTENT_ENCODING;
} }
free(ntlm->target_info); /* replace any previous data */
ntlm->target_info = malloc(target_info_len); ntlm->target_info = malloc(target_info_len);
if(!ntlm->target_info) if(!ntlm->target_info)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;