summaryrefslogtreecommitdiff
path: root/lib/vauth
diff options
context:
space:
mode:
authorSaurav Babu <saurav.babu@samsung.com>2016-07-20 11:08:02 +0200
committerDaniel Stenberg <daniel@haxx.se>2016-07-20 23:21:49 +0200
commitdcdd4be35213d4ba36e41ad92fe2ae4ddab1205d (patch)
tree8c18079086aa3d7dcaa534e1de8c9ee99f9e1e9d /lib/vauth
parentc6d3fa11e687808ea9f0047d591a39135a4b9f4e (diff)
downloadcurl-dcdd4be35213d4ba36e41ad92fe2ae4ddab1205d.tar.gz
vauth: Fixed memory leak due to function returning without free
This patch allocates memory to "output_token" only when it is required so that memory is not leaked if function returns.
Diffstat (limited to 'lib/vauth')
-rw-r--r--lib/vauth/digest_sspi.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c
index c5bb35aca..fc37db0c5 100644
--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@@ -387,12 +387,6 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
/* Release the package buffer as it is not required anymore */
s_pSecFn->FreeContextBuffer(SecurityPackage);
- /* Allocate the output buffer according to the max token size as indicated
- by the security package */
- output_token = malloc(token_max);
- if(!output_token)
- return CURLE_OUT_OF_MEMORY;
-
if(userp && *userp) {
/* Populate our identity structure */
if(Curl_create_sspi_identity(userp, passwdp, &identity))
@@ -418,11 +412,18 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
&credentials, &expiry);
if(status != SEC_E_OK) {
Curl_sspi_free_identity(p_identity);
- free(output_token);
return CURLE_LOGIN_DENIED;
}
+ /* Allocate the output buffer according to the max token size as indicated
+ by the security package */
+ output_token = malloc(token_max);
+ if(!output_token) {
+ Curl_sspi_free_identity(p_identity);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
/* Setup the challenge "input" security buffer if present */
chlg_desc.ulVersion = SECBUFFER_VERSION;
chlg_desc.cBuffers = 3;