1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

vauth: Fixed memory leak due to function returning without free

This patch allocates memory to "output_token" only when it is required
so that memory is not leaked if function returns.
This commit is contained in:
Saurav Babu 2016-07-20 11:08:02 +02:00 committed by Daniel Stenberg
parent c6d3fa11e6
commit dcdd4be352

View File

@ -387,12 +387,6 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
/* Release the package buffer as it is not required anymore */ /* Release the package buffer as it is not required anymore */
s_pSecFn->FreeContextBuffer(SecurityPackage); s_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate the output buffer according to the max token size as indicated
by the security package */
output_token = malloc(token_max);
if(!output_token)
return CURLE_OUT_OF_MEMORY;
if(userp && *userp) { if(userp && *userp) {
/* Populate our identity structure */ /* Populate our identity structure */
if(Curl_create_sspi_identity(userp, passwdp, &identity)) if(Curl_create_sspi_identity(userp, passwdp, &identity))
@ -418,11 +412,18 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
&credentials, &expiry); &credentials, &expiry);
if(status != SEC_E_OK) { if(status != SEC_E_OK) {
Curl_sspi_free_identity(p_identity); Curl_sspi_free_identity(p_identity);
free(output_token);
return CURLE_LOGIN_DENIED; return CURLE_LOGIN_DENIED;
} }
/* Allocate the output buffer according to the max token size as indicated
by the security package */
output_token = malloc(token_max);
if(!output_token) {
Curl_sspi_free_identity(p_identity);
return CURLE_OUT_OF_MEMORY;
}
/* Setup the challenge "input" security buffer if present */ /* Setup the challenge "input" security buffer if present */
chlg_desc.ulVersion = SECBUFFER_VERSION; chlg_desc.ulVersion = SECBUFFER_VERSION;
chlg_desc.cBuffers = 3; chlg_desc.cBuffers = 3;