diff --git a/CHANGES b/CHANGES
index bc0f81528..cc00b88dc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,9 @@
 
 
 Daniel Stenberg (14 Apr 2008)
+- Andre Guibert de Bruet fixed a second case of not checking the malloc()
+  return code in the Negotiate code.
+
 - Sandor Feldi reported bug #1942022
   (http://curl.haxx.se/bug/view.cgi?id=1942022) pointing out a mistake in the
   lib/Makefile.vc[68] makefiles' release-ssl-dll target.
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index ac8ad5802..e7f934824 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -211,8 +211,10 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
         }
         else {
           free(input_token.value);
-          input_token.value = NULL;
           input_token.value = malloc(mechTokenLength);
+          if (input_token.value == NULL)
+            return CURLE_OUT_OF_MEMORY;
+
           memcpy(input_token.value, mechToken,mechTokenLength);
           input_token.length = mechTokenLength;
           free(mechToken);