Commit c5cffce5 authored by Jay Satiro's avatar Jay Satiro
Browse files

vauth: Fix memleak by freeing credentials if out of memory 

This is a follow up to the parent commit dcdd4be3 which fixes one leak
but creates another by failing to free the credentials handle if out of
memory. Also there's a second location a few lines down where we fail to
do same. This commit fixes both of those issues.
parent dcdd4be3

lib/vauth/digest_sspi.c

+5 −0
Original line number Diff line number Diff line
@@ -420,7 +420,10 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, 
     by the security package */

  output_token = malloc(token_max);

  if(!output_token) {

    s_pSecFn->FreeCredentialsHandle(&credentials);



    Curl_sspi_free_identity(p_identity);



    return CURLE_OUT_OF_MEMORY;

  }
@@ -448,6 +451,8 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, 


  spn = Curl_convert_UTF8_to_tchar((char *) uripath);

  if(!spn) {

    s_pSecFn->FreeCredentialsHandle(&credentials);



    Curl_sspi_free_identity(p_identity);

    free(output_token);