From 697592b3dd9b5e3338d74a4047caf260dacdb8dc Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Fri, 5 Dec 2014 00:18:13 +0000
Subject: [PATCH] sasl_sspi: Free the Kerberos V5 challenge as soon as we're
 done with it

Reduced the amount of free's required for the decoded challenge message
in Curl_sasl_create_gssapi_security_message() as a result of coding it
differently in the sasl_gssapi module.
---
 lib/curl_sasl_sspi.c | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index 99ea6cab3..883a0ee68 100644
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@@ -1046,18 +1046,16 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
     return CURLE_BAD_CONTENT_ENCODING;
   }
 
-  /* Copy the data out and free the SSPI allocated buffer as it is not required
-     anymore */
+  /* Copy the data out and free the challenge as it is not required anymore */
   memcpy(&indata, input_buf[1].pvBuffer, 4);
   s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer);
+  Curl_safefree(chlg);
 
   /* Extract the security layer */
   sec_layer = indata & 0x000000FF;
   if(!(sec_layer & KERB_WRAP_NO_ENCRYPT)) {
     infof(data, "GSSAPI handshake failure (invalid security layer)\n");
 
-    Curl_safefree(chlg);
-
     return CURLE_BAD_CONTENT_ENCODING;
   }
 
@@ -1074,17 +1072,13 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
 
   /* Allocate the trailer */
   trailer = malloc(sizes.cbSecurityTrailer);
-  if(!trailer) {
-    Curl_safefree(chlg);
-
+  if(!trailer)
     return CURLE_OUT_OF_MEMORY;
-  }
 
   /* Convert the user name to UTF8 when operating with Unicode */
   user_name = Curl_convert_tchar_to_UTF8(names.sUserName);
   if(!user_name) {
     Curl_safefree(trailer);
-    Curl_safefree(chlg);
 
     return CURLE_OUT_OF_MEMORY;
   }
@@ -1094,7 +1088,6 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
   message = malloc(messagelen);
   if(!message) {
     Curl_safefree(trailer);
-    Curl_safefree(chlg);
     Curl_unicodefree(user_name);
 
     return CURLE_OUT_OF_MEMORY;
@@ -1114,7 +1107,6 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
   if(!padding) {
     Curl_safefree(message);
     Curl_safefree(trailer);
-    Curl_safefree(chlg);
 
     return CURLE_OUT_OF_MEMORY;
   }
@@ -1140,7 +1132,6 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
     Curl_safefree(padding);
     Curl_safefree(message);
     Curl_safefree(trailer);
-    Curl_safefree(chlg);
 
     return CURLE_OUT_OF_MEMORY;
   }
@@ -1153,7 +1144,6 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
     Curl_safefree(padding);
     Curl_safefree(message);
     Curl_safefree(trailer);
-    Curl_safefree(chlg);
 
     return CURLE_OUT_OF_MEMORY;
   }
@@ -1174,7 +1164,6 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
   Curl_safefree(padding);
   Curl_safefree(message);
   Curl_safefree(trailer);
-  Curl_safefree(chlg);
 
   return result;
 }