NTLM: fix several NTLM code paths memory leaks

diff --git a/lib/curl_ntlm.c b/lib/curl_ntlm.c
index 72e446c8fde8c60fa55800871c7ed13503ab77fc..4d126a573ee4c7e41f0322608f0e12ee1fcffd94 100644 (file)
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -181,7 +181,6 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
     /* Create a type-1 message */
     error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64,
                                            &len);
-
     if(error)
       return error;
 
@@ -190,8 +189,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
       *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                               proxy ? "Proxy-" : "",
                               base64);
-      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
       free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
     }
     break;
 
@@ -207,8 +208,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
       *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                               proxy ? "Proxy-" : "",
                               base64);
-      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
       free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
 
       ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
       authp->done = TRUE;
@@ -218,10 +221,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
   case NTLMSTATE_TYPE3:
     /* connection is already authenticated,
      * don't send a header in future requests */
-    if(*allocuserpwd) {
-      free(*allocuserpwd);
-      *allocuserpwd = NULL;
-    }
+    Curl_safefree(*allocuserpwd);
     authp->done = TRUE;
     break;
   }

diff --git a/lib/http.c b/lib/http.c
index 0ba11133ff4935b902f33178b76604d3a4409c24..f4b7a48e7172b28cdfb21d76fa67c4b24aff7397 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -1739,8 +1739,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
     conn->bits.authneg = FALSE;
 
   Curl_safefree(conn->allocptr.ref);
-  if(data->change.referer && !Curl_checkheaders(data, "Referer:"))
+  if(data->change.referer && !Curl_checkheaders(data, "Referer:")) {
     conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer);
+    if(!conn->allocptr.ref)
+      return CURLE_OUT_OF_MEMORY;
+  }
   else
     conn->allocptr.ref = NULL;
 

diff --git a/lib/url.c b/lib/url.c
index e401ca363947b66fcb899fb713cd21bf5927bbb0..8c8f8b07c351299118e38b4fb9e2585ada932e81 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -2523,13 +2523,13 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
         data->state.authproxy.want;
     }
 
-    if(has_host_ntlm || has_proxy_ntlm) {
+    if(has_host_ntlm || has_proxy_ntlm)
       data->state.authproblem = FALSE;
-
-      Curl_http_ntlm_cleanup(conn);
-    }
   }
 
+  /* Cleanup NTLM connection-related data */
+  Curl_http_ntlm_cleanup(conn);
+
   /* Cleanup possible redirect junk */
   if(data->req.newurl) {
     free(data->req.newurl);