krb5-gssapi: Remove several memory leaks.

Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and
we were leaking it). Now we just pass NULL as advised in RFC2744.

|tmp| was never set back to buf->data.

Cleaned up Curl_sec_end to take into account failure in Curl_sec_login
(where conn->mech would be NULL but not conn->app_data or
conn->in_buffer->data).

1 files changed, 12 insertions, 3 deletions

diff --git a/lib/security.c b/lib/security.c
index 303a1bec6..73a554016 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -216,6 +216,7 @@ static CURLcode read_data(struct connectdata *conn,
   if (tmp == NULL)
     return CURLE_OUT_OF_MEMORY;
 
+  buf->data = tmp;
   ret = socket_read(fd, buf->data, len);
   if (ret != CURLE_OK)
     return ret;
@@ -567,12 +568,20 @@ Curl_sec_login(struct connectdata *conn)
 void
 Curl_sec_end(struct connectdata *conn)
 {
-  if(conn->mech != NULL) {
-    if(conn->mech->end)
-      conn->mech->end(conn->app_data);
+  if(conn->mech != NULL && conn->mech->end)
+    conn->mech->end(conn->app_data);
+  if(conn->app_data) {
     free(conn->app_data);
     conn->app_data = NULL;
   }
+  if(conn->in_buffer.data) {
+    free(conn->in_buffer.data);
+    conn->in_buffer.data = NULL;
+    conn->in_buffer.size = 0;
+    conn->in_buffer.index = 0;
+    /* FIXME: Is this really needed? */
+    conn->in_buffer.eof_flag = 0;
+  }
   conn->sec_complete = 0;
   conn->data_prot = (enum protection_level)0;
   conn->mech = NULL;