From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Oct 2025 14:51:55 +0000 (+0200)
Subject: krb5_gssapi: fix memory leak on error path
X-Git-Tag: rc-8_17_0-1~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2c6505e0ef9c0368e9acbef5662eb15e43328b65;p=thirdparty%2Fcurl.git

krb5_gssapi: fix memory leak on error path

If a non-compliant amount of bytes is received, the function would
return error without free.

Reported-by: Joshua Rogers
Closes #18976
---

diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index 70144e5514..a414d0a359 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -225,6 +225,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
   /* Not 4 octets long so fail as per RFC4752 Section 3.1 */
   if(output_token.length != 4) {
     infof(data, "GSSAPI handshake failure (invalid security data)");
+    gss_release_buffer(&unused_status, &output_token);
     return CURLE_BAD_CONTENT_ENCODING;
   }