- Christian Krause reported and fixed a memory leak that would occur with HTTP

  GSS/kerberos authentication (http://curl.haxx.se/bug/view.cgi?id=2284386)

3 files changed, 8 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
index bb93c2516..8cff19888 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,9 @@
                                   Changelog
 
 Daniel Stenberg (19 Nov 2008)
+- Christian Krause reported and fixed a memory leak that would occur with HTTP
+  GSS/kerberos authentication (http://curl.haxx.se/bug/view.cgi?id=2284386)
+
 - Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas got
   when uploading files to a single FTP server using multiple easy handle
   handles with the multi interface. Occasionally a handle would stall in
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4318a8b62..5648dac1d 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -19,6 +19,7 @@ This release includes the following bugfixes:
    used
  o re-use of connections with the multi interface when multiple handles used
    the same server
+ o memory leak with HTTP GSS/kerberos authentication
 
 This release includes the following known bugs:
 
diff --git a/lib/http.c b/lib/http.c
index 85d99a057..1b20c37e7 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -458,6 +458,10 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
   }
 
   if(pickhost || pickproxy) {
+    /* In case this is GSS auth, the newurl field is already allocated so
+       we must make sure to free it before allocating a new one. As figured
+       out in bug #2284386 */
+    Curl_safefree(data->req.newurl);
     data->req.newurl = strdup(data->change.url); /* clone URL */
     if(!data->req.newurl)
       return CURLE_OUT_OF_MEMORY;