From c5cffce56e4c6f6c26e82438a61abf85e39cac4a Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Wed, 20 Jul 2016 22:00:45 -0400 Subject: vauth: Fix memleak by freeing credentials if out of memory This is a follow up to the parent commit dcdd4be which fixes one leak but creates another by failing to free the credentials handle if out of memory. Also there's a second location a few lines down where we fail to do same. This commit fixes both of those issues. --- lib/vauth/digest_sspi.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lib/vauth/digest_sspi.c') diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c index fc37db0c5..6a7315eb5 100644 --- a/lib/vauth/digest_sspi.c +++ b/lib/vauth/digest_sspi.c @@ -420,7 +420,10 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, by the security package */ output_token = malloc(token_max); if(!output_token) { + s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_sspi_free_identity(p_identity); + return CURLE_OUT_OF_MEMORY; } @@ -448,6 +451,8 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, spn = Curl_convert_UTF8_to_tchar((char *) uripath); if(!spn) { + s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_sspi_free_identity(p_identity); free(output_token); -- cgit v1.2.3