From 38ab7b4ccb18f03c0323d412ff0f3613cd66f5e5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 10 Oct 2017 14:34:57 +0200
Subject: smtp_done: free data before returning (on send failure)

... as otherwise it could leak that memory.

Detected by OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600

Assisted-by: Max Dymond
Closes #1977
---
 lib/smtp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/smtp.c b/lib/smtp.c
index de2dd3356..08d8148a3 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -1188,6 +1188,9 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
   if(!smtp || !pp->conn)
     return CURLE_OK;
 
+  /* Cleanup our per-request based variables */
+  Curl_safefree(smtp->custom);
+
   if(status) {
     connclose(conn, "SMTP done with bad status"); /* marked for closure */
     result = status;         /* use the already set error code */
@@ -1246,9 +1249,6 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
     result = smtp_block_statemach(conn);
   }
 
-  /* Cleanup our per-request based variables */
-  Curl_safefree(smtp->custom);
-
   /* Clear the transfer mode for the next request */
   smtp->transfer = FTPTRANSFER_BODY;
 
-- 
cgit v1.2.3