Unverified Commit 38ab7b4c authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

smtp_done: free data before returning (on send failure) 

... as otherwise it could leak that memory.

Detected by OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600

Assisted-by: Max Dymond
Closes #1977
parent ecf21c55

lib/smtp.c

+3 −3
Original line number Diff line number Diff line
@@ -1188,6 +1188,9 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status, 
  if(!smtp || !pp->conn)

    return CURLE_OK;



  /* Cleanup our per-request based variables */

  Curl_safefree(smtp->custom);



  if(status) {

    connclose(conn, "SMTP done with bad status"); /* marked for closure */

    result = status;         /* use the already set error code */
@@ -1246,9 +1249,6 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status, 
    result = smtp_block_statemach(conn);

  }



  /* Cleanup our per-request based variables */

  Curl_safefree(smtp->custom);



  /* Clear the transfer mode for the next request */

  smtp->transfer = FTPTRANSFER_BODY;