From 636ac508896ffa74f0c94eae26deef4a97072678 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 26 Jul 2020 17:00:48 +0200
Subject: ntlm: free target_info before (re-)malloc

OSS-Fuzz found a way this could get called again with the pointer still
pointing to a malloc'ed memory, leading to a leak.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
---
 lib/vauth/ntlm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index 3b46e1a46..ecfeacb9a 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -191,6 +191,7 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
         return CURLE_BAD_CONTENT_ENCODING;
       }
 
+      free(ntlm->target_info); /* replace any previous data */
       ntlm->target_info = malloc(target_info_len);
       if(!ntlm->target_info)
         return CURLE_OUT_OF_MEMORY;
-- 
cgit v1.2.1