Commit dcdd4be3 authored by Saurav Babu's avatar Saurav Babu Committed by Daniel Stenberg
Browse files

vauth: Fixed memory leak due to function returning without free 

This patch allocates memory to "output_token" only when it is required
so that memory is not leaked if function returns.
parent c6d3fa11

lib/vauth/digest_sspi.c

+8 −7
Original line number Diff line number Diff line
@@ -387,12 +387,6 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, 
  /* Release the package buffer as it is not required anymore */

  s_pSecFn->FreeContextBuffer(SecurityPackage);



  /* Allocate the output buffer according to the max token size as indicated

     by the security package */

  output_token = malloc(token_max);

  if(!output_token)

    return CURLE_OUT_OF_MEMORY;



  if(userp && *userp) {

    /* Populate our identity structure */

    if(Curl_create_sspi_identity(userp, passwdp, &identity))
@@ -418,11 +412,18 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, 
                                              &credentials, &expiry);

  if(status != SEC_E_OK) {

    Curl_sspi_free_identity(p_identity);

    free(output_token);



    return CURLE_LOGIN_DENIED;

  }



  /* Allocate the output buffer according to the max token size as indicated

     by the security package */

  output_token = malloc(token_max);

  if(!output_token) {

    Curl_sspi_free_identity(p_identity);

    return CURLE_OUT_OF_MEMORY;

  }



  /* Setup the challenge "input" security buffer if present */

  chlg_desc.ulVersion    = SECBUFFER_VERSION;

  chlg_desc.cBuffers     = 3;