From acafe9c160e6c299d48d72ab93fdb7abfcbf3ed2 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sun, 24 Mar 2013 04:47:57 +0100 Subject: NTLM: fix several NTLM code paths memory leaks --- lib/curl_ntlm.c | 16 ++++++++-------- lib/http.c | 5 ++++- lib/url.c | 8 ++++---- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/lib/curl_ntlm.c b/lib/curl_ntlm.c index 72e446c8f..4d126a573 100644 --- a/lib/curl_ntlm.c +++ b/lib/curl_ntlm.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -181,7 +181,6 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, /* Create a type-1 message */ error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64, &len); - if(error) return error; @@ -190,8 +189,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", proxy ? "Proxy-" : "", base64); - DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd)); free(base64); + if(!*allocuserpwd) + return CURLE_OUT_OF_MEMORY; + DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd)); } break; @@ -207,8 +208,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", proxy ? "Proxy-" : "", base64); - DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd)); free(base64); + if(!*allocuserpwd) + return CURLE_OUT_OF_MEMORY; + DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd)); ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */ authp->done = TRUE; @@ -218,10 +221,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, case NTLMSTATE_TYPE3: /* connection is already authenticated, * don't send a header in future requests */ - if(*allocuserpwd) { - free(*allocuserpwd); - *allocuserpwd = NULL; - } + Curl_safefree(*allocuserpwd); authp->done = TRUE; break; } diff --git a/lib/http.c b/lib/http.c index 0ba11133f..f4b7a48e7 100644 --- a/lib/http.c +++ b/lib/http.c @@ -1739,8 +1739,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) conn->bits.authneg = FALSE; Curl_safefree(conn->allocptr.ref); - if(data->change.referer && !Curl_checkheaders(data, "Referer:")) + if(data->change.referer && !Curl_checkheaders(data, "Referer:")) { conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer); + if(!conn->allocptr.ref) + return CURLE_OUT_OF_MEMORY; + } else conn->allocptr.ref = NULL; diff --git a/lib/url.c b/lib/url.c index e401ca363..8c8f8b07c 100644 --- a/lib/url.c +++ b/lib/url.c @@ -2523,13 +2523,13 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection) data->state.authproxy.want; } - if(has_host_ntlm || has_proxy_ntlm) { + if(has_host_ntlm || has_proxy_ntlm) data->state.authproblem = FALSE; - - Curl_http_ntlm_cleanup(conn); - } } + /* Cleanup NTLM connection-related data */ + Curl_http_ntlm_cleanup(conn); + /* Cleanup possible redirect junk */ if(data->req.newurl) { free(data->req.newurl); -- cgit v1.2.3