From 4b3ae5e1575fd40d3ca969fda2f23e46182cf0b8 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 19 Nov 2008 14:22:01 +0000
Subject: [PATCH] - Christian Krause reported and fixed a memory leak that
 would occur with HTTP   GSS/kerberos authentication
 (http://curl.haxx.se/bug/view.cgi?id=2284386)

---
 CHANGES       | 3 +++
 RELEASE-NOTES | 1 +
 lib/http.c    | 4 ++++
 3 files changed, 8 insertions(+)

diff --git a/CHANGES b/CHANGES
index bb93c2516c..8cff198884 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,9 @@
                                   Changelog
 
 Daniel Stenberg (19 Nov 2008)
+- Christian Krause reported and fixed a memory leak that would occur with HTTP
+  GSS/kerberos authentication (http://curl.haxx.se/bug/view.cgi?id=2284386)
+
 - Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas got
   when uploading files to a single FTP server using multiple easy handle
   handles with the multi interface. Occasionally a handle would stall in
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4318a8b62a..5648dac1d8 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -19,6 +19,7 @@ This release includes the following bugfixes:
    used
  o re-use of connections with the multi interface when multiple handles used
    the same server
+ o memory leak with HTTP GSS/kerberos authentication
 
 This release includes the following known bugs:
 
diff --git a/lib/http.c b/lib/http.c
index 85d99a057e..1b20c37e7a 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -458,6 +458,10 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
   }
 
   if(pickhost || pickproxy) {
+    /* In case this is GSS auth, the newurl field is already allocated so
+       we must make sure to free it before allocating a new one. As figured
+       out in bug #2284386 */
+    Curl_safefree(data->req.newurl);
     data->req.newurl = strdup(data->change.url); /* clone URL */
     if(!data->req.newurl)
       return CURLE_OUT_OF_MEMORY;
-- 
GitLab