- Andre Guibert de Bruet found and fixed a case where malloc() was called but

was not checked for a NULL return, in the Negotiate code.
author: Daniel Stenberg <daniel@haxx.se> 2008-04-12 11:50:51 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2008-04-12 11:50:51 +0000
commit: 84eb9fee765d8614b5f4d56e1db3ea02322301fe (patch)
tree: 4dd31f6f98ecf8ba4d5b61786af3b2ad902952fd /lib/http_negotiate.c
parent: 79300cdcd988e65c37bd3d9b391cd7a73ebefc6b (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index f4aab7de4..ac8ad5802 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -116,6 +116,8 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
   infof(conn->data, "%s", buf);
 }
 
+/* returning zero (0) means success, everything else is treated as "failure"
+   with no care exactly what the failure was */
 int Curl_input_negotiate(struct connectdata *conn, bool proxy,
                          const char *header)
 {
@@ -185,9 +187,13 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
         unsigned char * mechToken         = NULL;
         size_t          mechTokenLength   = 0;
 
-        spnegoToken = malloc(input_token.length);
         if(input_token.value == NULL)
-          return ENOMEM;
+          return CURLE_OUT_OF_MEMORY;
+
+        spnegoToken = malloc(input_token.length);
+        if(spnegoToken == NULL)
+          return CURLE_OUT_OF_MEMORY;
+
         spnegoTokenLength = input_token.length;
 
         object = OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
author	Daniel Stenberg <daniel@haxx.se>	2008-04-12 11:50:51 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2008-04-12 11:50:51 +0000
commit	84eb9fee765d8614b5f4d56e1db3ea02322301fe (patch)
tree	4dd31f6f98ecf8ba4d5b61786af3b2ad902952fd /lib/http_negotiate.c
parent	79300cdcd988e65c37bd3d9b391cd7a73ebefc6b (diff)