summaryrefslogtreecommitdiff
path: root/lib/vauth/ntlm.c
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2020-07-26 17:00:48 +0200
committerDaniel Stenberg <daniel@haxx.se>2020-07-26 23:48:36 +0200
commit376d5bb323c03c0fc4af266c03abac8f067fbd0e (patch)
tree1ee4b2143b64e3af78c638e51688712f5e498bc2 /lib/vauth/ntlm.c
parent730dc48253e0283cebfe31b29eb7dbec6c7d3d5d (diff)
downloadcurl-376d5bb323c03c0fc4af266c03abac8f067fbd0e.tar.gz
ntlm: free target_info before (re-)malloc
OSS-Fuzz found a way this could get called again with the pointer still pointing to a malloc'ed memory, leading to a leak. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379 Closes #5724
Diffstat (limited to 'lib/vauth/ntlm.c')
-rw-r--r--lib/vauth/ntlm.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index 3b46e1a46..ecfeacb9a 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -191,6 +191,7 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
return CURLE_BAD_CONTENT_ENCODING;
}
+ free(ntlm->target_info); /* replace any previous data */
ntlm->target_info = malloc(target_info_len);
if(!ntlm->target_info)
return CURLE_OUT_OF_MEMORY;