From 60b19630b032d99270282e021216605718acc14d Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 16 Jul 2015 14:17:33 -0400 Subject: [PATCH] ntlm_wb: Fix theoretical memory leak Static analysis indicated that my commit 9008f3d564 ("ntlm_wb: Fix hard-coded limit on NTLM auth packet size") introduced a potential memory leak on an error path, because we forget to free the buffer before returning an error. Fix this. Although actually, it never happens in practice because we never *get* here with state == NTLMSTATE_TYPE1. The state is always zero. That might want cleaning up in a separate patch. Reported-by: Terri Oda --- lib/curl_ntlm_wb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c index d63fb277b..b2a5fb343 100644 --- a/lib/curl_ntlm_wb.c +++ b/lib/curl_ntlm_wb.c @@ -306,7 +306,7 @@ static CURLcode ntlm_wb_response(struct connectdata *conn, if(state == NTLMSTATE_TYPE1 && len_out == 3 && buf[0] == 'P' && buf[1] == 'W') - return CURLE_REMOTE_ACCESS_DENIED; + goto done; /* invalid response */ if(len_out < 4) goto done;