From 84eb9fee765d8614b5f4d56e1db3ea02322301fe Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 12 Apr 2008 11:50:51 +0000
Subject: - Andre Guibert de Bruet found and fixed a case where malloc() was
 called but   was not checked for a NULL return, in the Negotiate code.

---
 lib/http_negotiate.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index f4aab7de4..ac8ad5802 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -116,6 +116,8 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
   infof(conn->data, "%s", buf);
 }
 
+/* returning zero (0) means success, everything else is treated as "failure"
+   with no care exactly what the failure was */
 int Curl_input_negotiate(struct connectdata *conn, bool proxy,
                          const char *header)
 {
@@ -185,9 +187,13 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
         unsigned char * mechToken         = NULL;
         size_t          mechTokenLength   = 0;
 
-        spnegoToken = malloc(input_token.length);
         if(input_token.value == NULL)
-          return ENOMEM;
+          return CURLE_OUT_OF_MEMORY;
+
+        spnegoToken = malloc(input_token.length);
+        if(spnegoToken == NULL)
+          return CURLE_OUT_OF_MEMORY;
+
         spnegoTokenLength = input_token.length;
 
         object = OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
-- 
cgit v1.2.3