diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2020-07-26 17:00:48 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-07-26 23:48:36 +0200 |
| commit | 376d5bb323c03c0fc4af266c03abac8f067fbd0e (patch) | |
| tree | 1ee4b2143b64e3af78c638e51688712f5e498bc2 | |
| parent | 730dc48253e0283cebfe31b29eb7dbec6c7d3d5d (diff) | |
| download | curl-376d5bb323c03c0fc4af266c03abac8f067fbd0e.tar.gz | |
ntlm: free target_info before (re-)malloc
OSS-Fuzz found a way this could get called again with the pointer still
pointing to a malloc'ed memory, leading to a leak.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
Closes #5724
| -rw-r--r-- | lib/vauth/ntlm.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index 3b46e1a46..ecfeacb9a 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -191,6 +191,7 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data, return CURLE_BAD_CONTENT_ENCODING; } + free(ntlm->target_info); /* replace any previous data */ ntlm->target_info = malloc(target_info_len); if(!ntlm->target_info) return CURLE_OUT_OF_MEMORY; |