diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2020-07-26 17:00:48 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-07-26 17:00:48 +0200 |
| commit | 636ac508896ffa74f0c94eae26deef4a97072678 (patch) | |
| tree | 1ee4b2143b64e3af78c638e51688712f5e498bc2 | |
| parent | 730dc48253e0283cebfe31b29eb7dbec6c7d3d5d (diff) | |
| download | curl-bagder/ntlm-fuzz-memleak.tar.gz | |
ntlm: free target_info before (re-)mallocbagder/ntlm-fuzz-memleak
OSS-Fuzz found a way this could get called again with the pointer still
pointing to a malloc'ed memory, leading to a leak.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
| -rw-r--r-- | lib/vauth/ntlm.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index 3b46e1a46..ecfeacb9a 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -191,6 +191,7 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data, return CURLE_BAD_CONTENT_ENCODING; } + free(ntlm->target_info); /* replace any previous data */ ntlm->target_info = malloc(target_info_len); if(!ntlm->target_info) return CURLE_OUT_OF_MEMORY; |