Isaac Boukris 0b11660234

gssapi: fix memory leak of output token in multi round context ...

When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.

Closes https://github.com/curl/curl/pull/1733

2017-08-05 00:23:24 +02:00

..

cleartext.c

Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.

2016-11-24 14:28:39 +01:00

cram.c

internals: rename the SessionHandle struct to Curl_easy

2016-06-22 10:28:41 +02:00

digest_sspi.c

spelling fixes

2017-03-26 23:56:23 +02:00

digest.c

rand: treat fake entropy the same regardless of endianness

2017-05-08 23:24:29 +02:00

digest.h

URLs: change http to https in many places

2016-04-06 11:58:34 +02:00

krb5_gssapi.c

spelling fixes

2017-03-26 23:56:23 +02:00

krb5_sspi.c

spelling fixes

2017-03-26 23:56:23 +02:00

ntlm_sspi.c

vauth: Added check for supported SSPI based authentication mechanisms

2016-08-21 10:27:09 +01:00

ntlm.c

rand: treat fake entropy the same regardless of endianness

2017-05-08 23:24:29 +02:00

ntlm.h

use *.sourceforge.io and misc URL updates

2017-02-06 19:21:05 +00:00

oauth2.c

internals: rename the SessionHandle struct to Curl_easy

2016-06-22 10:28:41 +02:00

spnego_gssapi.c

gssapi: fix memory leak of output token in multi round context

2017-08-05 00:23:24 +02:00

spnego_sspi.c

sspi: print out InitializeSecurityContext() error message

2017-04-07 08:49:20 +02:00

vauth.c

sasl: Don't use GSSAPI authentication when domain name not specified

2016-08-21 11:56:23 +01:00

vauth.h

sasl: Don't use GSSAPI authentication when domain name not specified

2016-08-21 11:56:23 +01:00